From 9b039bf749b8b581e5367b8f52fab762e409a295 Mon Sep 17 00:00:00 2001 From: Tom Martensen Date: Wed, 11 Dec 2024 14:01:40 +0100 Subject: [PATCH 01/92] initial commit --- .tekton/create-snapshot-task.yaml | 29 + .tekton/operator-bundle-build.yaml | 2 + .tekton/operator-bundle-pipeline.yaml | 759 +++++++++++++------------- 3 files changed, 424 insertions(+), 366 deletions(-) create mode 100644 .tekton/create-snapshot-task.yaml diff --git a/.tekton/create-snapshot-task.yaml b/.tekton/create-snapshot-task.yaml new file mode 100644 index 0000000000000..5702b14ae4359 --- /dev/null +++ b/.tekton/create-snapshot-task.yaml @@ -0,0 +1,29 @@ +apiVersion: tekton.dev/v1 +kind: Task +metadata: + name: create-snapshot + namespace: rh-acs-tenant +spec: + description: Creates snapshot + params: + - name: SOURCE_ARTIFACT + description: The Trusted Artifact URI pointing to the application source code. + type: string + - name: IMAGES + description: Image references. + type: string + steps: + - name: use-trusted-artifact + image: quay.io/redhat-appstudio/build-trusted-artifacts:latest@sha256:81c4864dae6bb11595f657be887e205262e70086a05ed16ada827fd6391926ac + args: + - use + - $(params.SOURCE_ARTIFACT)=/var/workdir/source + - name: wait-for-image + image: registry.access.redhat.com/ubi9/ubi:latest + script: | + #!/usr/bin/env bash + set -euo pipefail + dnf -y upgrade --nobest + dnf -y install jq + + echo "$(params.IMAGE_REF)" | jq diff --git a/.tekton/operator-bundle-build.yaml b/.tekton/operator-bundle-build.yaml index 6a01a791758db..0948fe856408b 100644 --- a/.tekton/operator-bundle-build.yaml +++ b/.tekton/operator-bundle-build.yaml @@ -56,6 +56,8 @@ spec: value: '0' - name: clone-fetch-tags value: 'true' + - name: application + value: 'acs' workspaces: - name: git-auth diff --git a/.tekton/operator-bundle-pipeline.yaml b/.tekton/operator-bundle-pipeline.yaml index c61ba7440c4e7..9fba58df3b7c0 100644 --- a/.tekton/operator-bundle-pipeline.yaml +++ b/.tekton/operator-bundle-pipeline.yaml @@ -214,6 +214,11 @@ spec: type: string default: "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8" + - name: application + description: Name of the Konflux application that the bundle is created for to use in snapshot. + type: string + default: "acs" + results: - description: "" name: IMAGE_URL @@ -288,373 +293,395 @@ spec: - name: basic-auth workspace: git-auth - - name: determine-operator-image-tag - params: - - name: TAG_SUFFIX - value: $(params.output-tag-suffix) - - name: SOURCE_ARTIFACT - value: $(tasks.clone-repository.results.SOURCE_ARTIFACT) - - name: MAKEFILE_DIRECTORY - value: ./operator - taskRef: - name: determine-image-tag - - - name: determine-main-image-tag + # - name: determine-operator-image-tag + # params: + # - name: TAG_SUFFIX + # value: $(params.output-tag-suffix) + # - name: SOURCE_ARTIFACT + # value: $(tasks.clone-repository.results.SOURCE_ARTIFACT) + # - name: MAKEFILE_DIRECTORY + # value: ./operator + # taskRef: + # name: determine-image-tag + + # - name: determine-main-image-tag + # params: + # - name: TAG_SUFFIX + # value: $(params.output-tag-suffix) + # - name: SOURCE_ARTIFACT + # value: $(tasks.clone-repository.results.SOURCE_ARTIFACT) + # - name: MAKEFILE_DIRECTORY + # value: "." + # taskRef: + # name: determine-image-tag + + # - name: prefetch-dependencies + # params: + # - name: input + # value: $(params.prefetch-input) + # - name: SOURCE_ARTIFACT + # value: $(tasks.clone-repository.results.SOURCE_ARTIFACT) + # - name: ociStorage + # value: $(params.output-image-repo):konflux-$(params.revision).prefetch + # - name: ociArtifactExpiresAfter + # value: $(params.oci-artifact-expires-after) + # taskRef: + # params: + # - name: name + # value: prefetch-dependencies-oci-ta + # - name: bundle + # value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.1@sha256:b1ac9124ad909a8d7dbac01b1a02ef9a973d448d4c94efcf3d1b29e2a5c9e76f + # - name: kind + # value: task + # resolver: bundles + # workspaces: + # - name: git-basic-auth + # workspace: git-auth + + # - name: wait-for-operator-image + # params: + # - name: IMAGE + # value: "$(params.operator-image-build-repo):$(tasks.determine-operator-image-tag.results.IMAGE_TAG)" + # taskRef: + # name: wait-for-image + # # This timeout must be the same as the pipeline timeout in `operator-build.yaml`. + # timeout: 1h10m + + # - name: wait-for-main-image + # params: + # - name: IMAGE + # value: "$(params.main-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" + # taskRef: + # name: wait-for-image + # # This timeout must be the same as the pipeline timeout in `main-build.yaml`. + # timeout: 2h40m + + # - name: wait-for-scanner-image + # params: + # - name: IMAGE + # value: "$(params.scanner-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" + # taskRef: + # name: wait-for-image + # # This timeout must be the same as the pipeline timeout in `scanner-retag.yaml` + # timeout: 40m + + # - name: wait-for-scanner-db-image + # params: + # - name: IMAGE + # value: "$(params.scanner-db-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" + # taskRef: + # name: wait-for-image + # # This timeout must be the same as the pipeline timeout in `scanner-db-retag.yaml` + # timeout: 40m + + # - name: wait-for-scanner-slim-image + # params: + # - name: IMAGE + # value: "$(params.scanner-slim-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" + # taskRef: + # name: wait-for-image + # # This timeout must be the same as the pipeline timeout in `scanner-slim-retag.yaml` + # timeout: 40m + + # - name: wait-for-scanner-db-slim-image + # params: + # - name: IMAGE + # value: "$(params.scanner-db-slim-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" + # taskRef: + # name: wait-for-image + # # This timeout must be the same as the pipeline timeout in `scanner-db-slim-retag.yaml` + # timeout: 40m + + # - name: wait-for-scanner-v4-image + # params: + # - name: IMAGE + # value: "$(params.scanner-v4-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" + # taskRef: + # name: wait-for-image + # # This timeout must be the same as the pipeline timeout in `scanner-v4-build.yaml`. + # timeout: 1h10m + + # - name: wait-for-scanner-v4-db-image + # params: + # - name: IMAGE + # value: "$(params.scanner-v4-db-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" + # taskRef: + # name: wait-for-image + # # This timeout must be the same as the pipeline timeout in `scanner-v4-db-build.yaml`. + # timeout: 1h10m + + # - name: wait-for-collector-slim-image + # params: + # - name: IMAGE + # value: "$(params.collector-slim-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" + # taskRef: + # name: wait-for-image + # # The timeout must be the same as the pipeline timeout in `collector-slim-retag.yaml` + # timeout: 40m + + # - name: wait-for-collector-full-image + # params: + # - name: IMAGE + # value: "$(params.collector-full-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" + # taskRef: + # name: wait-for-image + # # The timeout must be the same as the pipeline timeout in `collector-full-retag.yaml` + # timeout: 40m + + # - name: wait-for-roxctl-image + # params: + # - name: IMAGE + # value: "$(params.roxctl-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" + # taskRef: + # name: wait-for-image + # # This timeout must be the same as the pipeline timeout in `roxctl-build.yaml`. + # timeout: 1h10m + + # - name: wait-for-central-db-image + # params: + # - name: IMAGE + # value: "$(params.central-db-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" + # taskRef: + # name: wait-for-image + # # This timeout must be the same as the pipeline timeout in `central-db-build.yaml`. + # timeout: 1h40m + + # - name: build-container + # params: + # - name: IMAGE + # # Note the operator bundle tag is prefixed with "v". + # value: $(params.output-image-repo):v$(tasks.determine-operator-image-tag.results.IMAGE_TAG) + # - name: DOCKERFILE + # value: $(params.dockerfile) + # - name: CONTEXT + # value: $(params.path-context) + # - name: HERMETIC + # value: $(params.hermetic) + # - name: PREFETCH_INPUT + # value: $(params.prefetch-input) + # - name: IMAGE_EXPIRES_AFTER + # value: $(params.image-expires-after) + # - name: COMMIT_SHA + # value: $(tasks.clone-repository.results.commit) + # - name: BUILD_ARGS + # value: + # - OPERATOR_IMAGE_TAG=$(tasks.determine-operator-image-tag.results.IMAGE_TAG) + # - OPERATOR_IMAGE_REF=$(params.operator-image-catalog-repo)@$(tasks.wait-for-operator-image.results.IMAGE_DIGEST) + # - RELATED_IMAGE_MAIN=$(params.main-image-catalog-repo)@$(tasks.wait-for-main-image.results.IMAGE_DIGEST) + # - RELATED_IMAGE_SCANNER=$(params.scanner-image-catalog-repo)@$(tasks.wait-for-scanner-image.results.IMAGE_DIGEST) + # - RELATED_IMAGE_SCANNER_DB=$(params.scanner-db-image-catalog-repo)@$(tasks.wait-for-scanner-db-image.results.IMAGE_DIGEST) + # - RELATED_IMAGE_SCANNER_SLIM=$(params.scanner-slim-image-catalog-repo)@$(tasks.wait-for-scanner-slim-image.results.IMAGE_DIGEST) + # - RELATED_IMAGE_SCANNER_DB_SLIM=$(params.scanner-db-slim-image-catalog-repo)@$(tasks.wait-for-scanner-db-slim-image.results.IMAGE_DIGEST) + # - RELATED_IMAGE_SCANNER_V4=$(params.scanner-v4-image-catalog-repo)@$(tasks.wait-for-scanner-v4-image.results.IMAGE_DIGEST) + # - RELATED_IMAGE_SCANNER_V4_DB=$(params.scanner-v4-db-image-catalog-repo)@$(tasks.wait-for-scanner-v4-db-image.results.IMAGE_DIGEST) + # - RELATED_IMAGE_COLLECTOR_SLIM=$(params.collector-slim-image-catalog-repo)@$(tasks.wait-for-collector-slim-image.results.IMAGE_DIGEST) + # - RELATED_IMAGE_COLLECTOR_FULL=$(params.collector-full-image-catalog-repo)@$(tasks.wait-for-collector-full-image.results.IMAGE_DIGEST) + # - RELATED_IMAGE_ROXCTL=$(params.roxctl-image-catalog-repo)@$(tasks.wait-for-roxctl-image.results.IMAGE_DIGEST) + # - RELATED_IMAGE_CENTRAL_DB=$(params.central-db-image-catalog-repo)@$(tasks.wait-for-central-db-image.results.IMAGE_DIGEST) + # - name: SOURCE_ARTIFACT + # value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + # - name: CACHI2_ARTIFACT + # value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) + # taskRef: + # params: + # - name: name + # value: buildah-oci-ta + # - name: bundle + # value: quay.io/konflux-ci/tekton-catalog/task-buildah-oci-ta:0.2@sha256:ea5f13f235f98e9f0da599439f0b62b729901a5b6ad8d673daf3821f3f9cb66f + # - name: kind + # value: task + # resolver: bundles + # when: + # - input: $(tasks.init.results.build) + # operator: in + # values: [ "true" ] + + # - name: apply-tags + # params: + # - name: IMAGE + # value: $(tasks.build-container.results.IMAGE_URL) + # - name: ADDITIONAL_TAGS + # value: + # - konflux-$(params.revision) + # taskRef: + # params: + # - name: name + # value: apply-tags + # - name: bundle + # value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.1@sha256:87fd7fc0e937aad1a8db9b6e377d7e444f53394dafde512d68adbea6966a4702 + # - name: kind + # value: task + # resolver: bundles + + # - name: build-source-image + # params: + # - name: BINARY_IMAGE + # value: $(tasks.build-container.results.IMAGE_URL) + # - name: SOURCE_ARTIFACT + # value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + # - name: CACHI2_ARTIFACT + # value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) + # taskRef: + # params: + # - name: name + # value: source-build-oci-ta + # - name: bundle + # value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.1@sha256:bd786bc1d33391bb169f98a1070d1a39e410b835f05fd0db0263754c65bd9bea + # - name: kind + # value: task + # resolver: bundles + # when: + # - input: $(tasks.init.results.build) + # operator: in + # values: [ "true" ] + # - input: $(params.build-source-image) + # operator: in + # values: [ "true" ] + + # - name: deprecated-base-image-check + # params: + # - name: IMAGE_URL + # value: $(tasks.build-container.results.IMAGE_URL) + # - name: IMAGE_DIGEST + # value: $(tasks.build-container.results.IMAGE_DIGEST) + # taskRef: + # params: + # - name: name + # value: deprecated-image-check + # - name: bundle + # value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.4@sha256:5a1a165fa02270f0a947d8a2131ee9d8be0b8e9d34123828c2bef589e504ee84 + # - name: kind + # value: task + # resolver: bundles + # when: + # - input: $(params.skip-checks) + # operator: in + # values: [ "false" ] + + # - name: clair-scan + # params: + # - name: image-digest + # value: $(tasks.build-container.results.IMAGE_DIGEST) + # - name: image-url + # value: $(tasks.build-container.results.IMAGE_URL) + # taskRef: + # params: + # - name: name + # value: clair-scan + # - name: bundle + # value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.2@sha256:0a5421111e7092740398691d5bd7c125cc0896f29531d19414bb5724ae41692a + # - name: kind + # value: task + # resolver: bundles + # when: + # - input: $(params.skip-checks) + # operator: in + # values: [ "false" ] + + # - name: sast-snyk-check + # params: + # - name: SOURCE_ARTIFACT + # value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + # - name: CACHI2_ARTIFACT + # value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) + # - name: image-digest + # value: $(tasks.build-container.results.IMAGE_DIGEST) + # - name: image-url + # value: $(tasks.build-container.results.IMAGE_URL) + # taskRef: + # params: + # - name: name + # value: sast-snyk-check-oci-ta + # - name: bundle + # value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.3@sha256:65a213322ea7c64159e37071d369d74b6378b23403150e29537865cada90f022 + # - name: kind + # value: task + # resolver: bundles + # when: + # - input: $(params.skip-checks) + # operator: in + # values: [ "false" ] + + # - name: clamav-scan + # params: + # - name: image-digest + # value: $(tasks.build-container.results.IMAGE_DIGEST) + # - name: image-url + # value: $(tasks.build-container.results.IMAGE_URL) + # taskRef: + # params: + # - name: name + # value: clamav-scan + # - name: bundle + # value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.1@sha256:b4f450f1447b166da671f1d5819ab5a1485083e5c27ab91f7d8b7a2ff994c8c2 + # - name: kind + # value: task + # resolver: bundles + # when: + # - input: $(params.skip-checks) + # operator: in + # values: [ "false" ] + + # - name: rpms-signature-scan + # params: + # - name: image-digest + # value: $(tasks.build-container.results.IMAGE_DIGEST) + # - name: image-url + # value: $(tasks.build-container.results.IMAGE_URL) + # taskRef: + # params: + # - name: name + # value: rpms-signature-scan + # - name: bundle + # value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:28aaf87d61078a0aeeeabcae455eda7d05c4f9b81d8995bdcf3dde95c1a7a77b + # - name: kind + # value: task + # resolver: bundles + # when: + # - input: $(params.skip-checks) + # operator: in + # values: ["false"] + + # - name: push-dockerfile + # params: + # - name: IMAGE + # value: $(tasks.build-container.results.IMAGE_URL) + # - name: IMAGE_DIGEST + # value: $(tasks.build-container.results.IMAGE_DIGEST) + # - name: DOCKERFILE + # value: $(params.dockerfile) + # - name: CONTEXT + # value: $(params.path-context) + # - name: SOURCE_ARTIFACT + # value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + # taskRef: + # params: + # - name: name + # value: push-dockerfile-oci-ta + # - name: bundle + # value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.1@sha256:80d48a1b9d2707490309941ec9f79338533938f959ca9a207b481b0e8a5e7a93 + # - name: kind + # value: task + # resolver: bundles + + - name: create-acs-style-snapshot params: - - name: TAG_SUFFIX - value: $(params.output-tag-suffix) - name: SOURCE_ARTIFACT value: $(tasks.clone-repository.results.SOURCE_ARTIFACT) - - name: MAKEFILE_DIRECTORY - value: "." + - name: IMAGE_REFS + # value: | + # [ + # { + # component: main, + # ref: $(params.main-image-build-repo)@$(tasks.wait-for-main-image.results.IMAGE_DIGEST) + # }, + # ] + value: | + [ + { + component: scanner-slim, + ref: quay.io/rhacs-eng/scanner-slim@sha256:7b8e00ffbad318ff0aca32ba484eaf9493335d26195938704fb25efc73d36302 + }, + ] taskRef: - name: determine-image-tag - - - name: prefetch-dependencies - params: - - name: input - value: $(params.prefetch-input) - - name: SOURCE_ARTIFACT - value: $(tasks.clone-repository.results.SOURCE_ARTIFACT) - - name: ociStorage - value: $(params.output-image-repo):konflux-$(params.revision).prefetch - - name: ociArtifactExpiresAfter - value: $(params.oci-artifact-expires-after) - taskRef: - params: - - name: name - value: prefetch-dependencies-oci-ta - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.1@sha256:b1ac9124ad909a8d7dbac01b1a02ef9a973d448d4c94efcf3d1b29e2a5c9e76f - - name: kind - value: task - resolver: bundles - workspaces: - - name: git-basic-auth - workspace: git-auth - - - name: wait-for-operator-image - params: - - name: IMAGE - value: "$(params.operator-image-build-repo):$(tasks.determine-operator-image-tag.results.IMAGE_TAG)" - taskRef: - name: wait-for-image - # This timeout must be the same as the pipeline timeout in `operator-build.yaml`. - timeout: 1h10m - - - name: wait-for-main-image - params: - - name: IMAGE - value: "$(params.main-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" - taskRef: - name: wait-for-image - # This timeout must be the same as the pipeline timeout in `main-build.yaml`. - timeout: 2h40m - - - name: wait-for-scanner-image - params: - - name: IMAGE - value: "$(params.scanner-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" - taskRef: - name: wait-for-image - # This timeout must be the same as the pipeline timeout in `scanner-retag.yaml` - timeout: 40m - - - name: wait-for-scanner-db-image - params: - - name: IMAGE - value: "$(params.scanner-db-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" - taskRef: - name: wait-for-image - # This timeout must be the same as the pipeline timeout in `scanner-db-retag.yaml` - timeout: 40m - - - name: wait-for-scanner-slim-image - params: - - name: IMAGE - value: "$(params.scanner-slim-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" - taskRef: - name: wait-for-image - # This timeout must be the same as the pipeline timeout in `scanner-slim-retag.yaml` - timeout: 40m - - - name: wait-for-scanner-db-slim-image - params: - - name: IMAGE - value: "$(params.scanner-db-slim-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" - taskRef: - name: wait-for-image - # This timeout must be the same as the pipeline timeout in `scanner-db-slim-retag.yaml` - timeout: 40m - - - name: wait-for-scanner-v4-image - params: - - name: IMAGE - value: "$(params.scanner-v4-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" - taskRef: - name: wait-for-image - # This timeout must be the same as the pipeline timeout in `scanner-v4-build.yaml`. - timeout: 1h10m - - - name: wait-for-scanner-v4-db-image - params: - - name: IMAGE - value: "$(params.scanner-v4-db-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" - taskRef: - name: wait-for-image - # This timeout must be the same as the pipeline timeout in `scanner-v4-db-build.yaml`. - timeout: 1h10m - - - name: wait-for-collector-slim-image - params: - - name: IMAGE - value: "$(params.collector-slim-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" - taskRef: - name: wait-for-image - # The timeout must be the same as the pipeline timeout in `collector-slim-retag.yaml` - timeout: 40m - - - name: wait-for-collector-full-image - params: - - name: IMAGE - value: "$(params.collector-full-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" - taskRef: - name: wait-for-image - # The timeout must be the same as the pipeline timeout in `collector-full-retag.yaml` - timeout: 40m - - - name: wait-for-roxctl-image - params: - - name: IMAGE - value: "$(params.roxctl-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" - taskRef: - name: wait-for-image - # This timeout must be the same as the pipeline timeout in `roxctl-build.yaml`. - timeout: 1h10m - - - name: wait-for-central-db-image - params: - - name: IMAGE - value: "$(params.central-db-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" - taskRef: - name: wait-for-image - # This timeout must be the same as the pipeline timeout in `central-db-build.yaml`. - timeout: 1h40m - - - name: build-container - params: - - name: IMAGE - # Note the operator bundle tag is prefixed with "v". - value: $(params.output-image-repo):v$(tasks.determine-operator-image-tag.results.IMAGE_TAG) - - name: DOCKERFILE - value: $(params.dockerfile) - - name: CONTEXT - value: $(params.path-context) - - name: HERMETIC - value: $(params.hermetic) - - name: PREFETCH_INPUT - value: $(params.prefetch-input) - - name: IMAGE_EXPIRES_AFTER - value: $(params.image-expires-after) - - name: COMMIT_SHA - value: $(tasks.clone-repository.results.commit) - - name: BUILD_ARGS - value: - - OPERATOR_IMAGE_TAG=$(tasks.determine-operator-image-tag.results.IMAGE_TAG) - - OPERATOR_IMAGE_REF=$(params.operator-image-catalog-repo)@$(tasks.wait-for-operator-image.results.IMAGE_DIGEST) - - RELATED_IMAGE_MAIN=$(params.main-image-catalog-repo)@$(tasks.wait-for-main-image.results.IMAGE_DIGEST) - - RELATED_IMAGE_SCANNER=$(params.scanner-image-catalog-repo)@$(tasks.wait-for-scanner-image.results.IMAGE_DIGEST) - - RELATED_IMAGE_SCANNER_DB=$(params.scanner-db-image-catalog-repo)@$(tasks.wait-for-scanner-db-image.results.IMAGE_DIGEST) - - RELATED_IMAGE_SCANNER_SLIM=$(params.scanner-slim-image-catalog-repo)@$(tasks.wait-for-scanner-slim-image.results.IMAGE_DIGEST) - - RELATED_IMAGE_SCANNER_DB_SLIM=$(params.scanner-db-slim-image-catalog-repo)@$(tasks.wait-for-scanner-db-slim-image.results.IMAGE_DIGEST) - - RELATED_IMAGE_SCANNER_V4=$(params.scanner-v4-image-catalog-repo)@$(tasks.wait-for-scanner-v4-image.results.IMAGE_DIGEST) - - RELATED_IMAGE_SCANNER_V4_DB=$(params.scanner-v4-db-image-catalog-repo)@$(tasks.wait-for-scanner-v4-db-image.results.IMAGE_DIGEST) - - RELATED_IMAGE_COLLECTOR_SLIM=$(params.collector-slim-image-catalog-repo)@$(tasks.wait-for-collector-slim-image.results.IMAGE_DIGEST) - - RELATED_IMAGE_COLLECTOR_FULL=$(params.collector-full-image-catalog-repo)@$(tasks.wait-for-collector-full-image.results.IMAGE_DIGEST) - - RELATED_IMAGE_ROXCTL=$(params.roxctl-image-catalog-repo)@$(tasks.wait-for-roxctl-image.results.IMAGE_DIGEST) - - RELATED_IMAGE_CENTRAL_DB=$(params.central-db-image-catalog-repo)@$(tasks.wait-for-central-db-image.results.IMAGE_DIGEST) - - name: SOURCE_ARTIFACT - value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - - name: CACHI2_ARTIFACT - value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) - taskRef: - params: - - name: name - value: buildah-oci-ta - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-buildah-oci-ta:0.2@sha256:ea5f13f235f98e9f0da599439f0b62b729901a5b6ad8d673daf3821f3f9cb66f - - name: kind - value: task - resolver: bundles - when: - - input: $(tasks.init.results.build) - operator: in - values: [ "true" ] - - - name: apply-tags - params: - - name: IMAGE - value: $(tasks.build-container.results.IMAGE_URL) - - name: ADDITIONAL_TAGS - value: - - konflux-$(params.revision) - taskRef: - params: - - name: name - value: apply-tags - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.1@sha256:87fd7fc0e937aad1a8db9b6e377d7e444f53394dafde512d68adbea6966a4702 - - name: kind - value: task - resolver: bundles - - - name: build-source-image - params: - - name: BINARY_IMAGE - value: $(tasks.build-container.results.IMAGE_URL) - - name: SOURCE_ARTIFACT - value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - - name: CACHI2_ARTIFACT - value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) - taskRef: - params: - - name: name - value: source-build-oci-ta - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.1@sha256:bd786bc1d33391bb169f98a1070d1a39e410b835f05fd0db0263754c65bd9bea - - name: kind - value: task - resolver: bundles - when: - - input: $(tasks.init.results.build) - operator: in - values: [ "true" ] - - input: $(params.build-source-image) - operator: in - values: [ "true" ] - - - name: deprecated-base-image-check - params: - - name: IMAGE_URL - value: $(tasks.build-container.results.IMAGE_URL) - - name: IMAGE_DIGEST - value: $(tasks.build-container.results.IMAGE_DIGEST) - taskRef: - params: - - name: name - value: deprecated-image-check - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.4@sha256:5a1a165fa02270f0a947d8a2131ee9d8be0b8e9d34123828c2bef589e504ee84 - - name: kind - value: task - resolver: bundles - when: - - input: $(params.skip-checks) - operator: in - values: [ "false" ] - - - name: clair-scan - params: - - name: image-digest - value: $(tasks.build-container.results.IMAGE_DIGEST) - - name: image-url - value: $(tasks.build-container.results.IMAGE_URL) - taskRef: - params: - - name: name - value: clair-scan - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.2@sha256:0a5421111e7092740398691d5bd7c125cc0896f29531d19414bb5724ae41692a - - name: kind - value: task - resolver: bundles - when: - - input: $(params.skip-checks) - operator: in - values: [ "false" ] - - - name: sast-snyk-check - params: - - name: SOURCE_ARTIFACT - value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - - name: CACHI2_ARTIFACT - value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) - - name: image-digest - value: $(tasks.build-container.results.IMAGE_DIGEST) - - name: image-url - value: $(tasks.build-container.results.IMAGE_URL) - taskRef: - params: - - name: name - value: sast-snyk-check-oci-ta - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.3@sha256:65a213322ea7c64159e37071d369d74b6378b23403150e29537865cada90f022 - - name: kind - value: task - resolver: bundles - when: - - input: $(params.skip-checks) - operator: in - values: [ "false" ] - - - name: clamav-scan - params: - - name: image-digest - value: $(tasks.build-container.results.IMAGE_DIGEST) - - name: image-url - value: $(tasks.build-container.results.IMAGE_URL) - taskRef: - params: - - name: name - value: clamav-scan - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.1@sha256:b4f450f1447b166da671f1d5819ab5a1485083e5c27ab91f7d8b7a2ff994c8c2 - - name: kind - value: task - resolver: bundles - when: - - input: $(params.skip-checks) - operator: in - values: [ "false" ] - - - name: rpms-signature-scan - params: - - name: image-digest - value: $(tasks.build-container.results.IMAGE_DIGEST) - - name: image-url - value: $(tasks.build-container.results.IMAGE_URL) - taskRef: - params: - - name: name - value: rpms-signature-scan - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:28aaf87d61078a0aeeeabcae455eda7d05c4f9b81d8995bdcf3dde95c1a7a77b - - name: kind - value: task - resolver: bundles - when: - - input: $(params.skip-checks) - operator: in - values: ["false"] - - - name: push-dockerfile - params: - - name: IMAGE - value: $(tasks.build-container.results.IMAGE_URL) - - name: IMAGE_DIGEST - value: $(tasks.build-container.results.IMAGE_DIGEST) - - name: DOCKERFILE - value: $(params.dockerfile) - - name: CONTEXT - value: $(params.path-context) - - name: SOURCE_ARTIFACT - value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - taskRef: - params: - - name: name - value: push-dockerfile-oci-ta - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.1@sha256:80d48a1b9d2707490309941ec9f79338533938f959ca9a207b481b0e8a5e7a93 - - name: kind - value: task - resolver: bundles + name: create-snapshot From 7a1b81891de71d16b136eb262849ff6127a6f9bd Mon Sep 17 00:00:00 2001 From: Tom Martensen Date: Wed, 11 Dec 2024 14:28:31 +0100 Subject: [PATCH 02/92] fix operator-bundle pipeline/create-snapshot task --- .tekton/create-snapshot-task.yaml | 6 +- .tekton/operator-bundle-pipeline.yaml | 378 -------------------------- 2 files changed, 3 insertions(+), 381 deletions(-) diff --git a/.tekton/create-snapshot-task.yaml b/.tekton/create-snapshot-task.yaml index 5702b14ae4359..acd97a6c75fd0 100644 --- a/.tekton/create-snapshot-task.yaml +++ b/.tekton/create-snapshot-task.yaml @@ -9,7 +9,7 @@ spec: - name: SOURCE_ARTIFACT description: The Trusted Artifact URI pointing to the application source code. type: string - - name: IMAGES + - name: IMAGE_REFS description: Image references. type: string steps: @@ -18,7 +18,7 @@ spec: args: - use - $(params.SOURCE_ARTIFACT)=/var/workdir/source - - name: wait-for-image + - name: create-snapshot image: registry.access.redhat.com/ubi9/ubi:latest script: | #!/usr/bin/env bash @@ -26,4 +26,4 @@ spec: dnf -y upgrade --nobest dnf -y install jq - echo "$(params.IMAGE_REF)" | jq + echo "$(params.IMAGE_REFS)" | jq diff --git a/.tekton/operator-bundle-pipeline.yaml b/.tekton/operator-bundle-pipeline.yaml index 9fba58df3b7c0..0ce5f3d055e31 100644 --- a/.tekton/operator-bundle-pipeline.yaml +++ b/.tekton/operator-bundle-pipeline.yaml @@ -293,389 +293,11 @@ spec: - name: basic-auth workspace: git-auth - # - name: determine-operator-image-tag - # params: - # - name: TAG_SUFFIX - # value: $(params.output-tag-suffix) - # - name: SOURCE_ARTIFACT - # value: $(tasks.clone-repository.results.SOURCE_ARTIFACT) - # - name: MAKEFILE_DIRECTORY - # value: ./operator - # taskRef: - # name: determine-image-tag - - # - name: determine-main-image-tag - # params: - # - name: TAG_SUFFIX - # value: $(params.output-tag-suffix) - # - name: SOURCE_ARTIFACT - # value: $(tasks.clone-repository.results.SOURCE_ARTIFACT) - # - name: MAKEFILE_DIRECTORY - # value: "." - # taskRef: - # name: determine-image-tag - - # - name: prefetch-dependencies - # params: - # - name: input - # value: $(params.prefetch-input) - # - name: SOURCE_ARTIFACT - # value: $(tasks.clone-repository.results.SOURCE_ARTIFACT) - # - name: ociStorage - # value: $(params.output-image-repo):konflux-$(params.revision).prefetch - # - name: ociArtifactExpiresAfter - # value: $(params.oci-artifact-expires-after) - # taskRef: - # params: - # - name: name - # value: prefetch-dependencies-oci-ta - # - name: bundle - # value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.1@sha256:b1ac9124ad909a8d7dbac01b1a02ef9a973d448d4c94efcf3d1b29e2a5c9e76f - # - name: kind - # value: task - # resolver: bundles - # workspaces: - # - name: git-basic-auth - # workspace: git-auth - - # - name: wait-for-operator-image - # params: - # - name: IMAGE - # value: "$(params.operator-image-build-repo):$(tasks.determine-operator-image-tag.results.IMAGE_TAG)" - # taskRef: - # name: wait-for-image - # # This timeout must be the same as the pipeline timeout in `operator-build.yaml`. - # timeout: 1h10m - - # - name: wait-for-main-image - # params: - # - name: IMAGE - # value: "$(params.main-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" - # taskRef: - # name: wait-for-image - # # This timeout must be the same as the pipeline timeout in `main-build.yaml`. - # timeout: 2h40m - - # - name: wait-for-scanner-image - # params: - # - name: IMAGE - # value: "$(params.scanner-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" - # taskRef: - # name: wait-for-image - # # This timeout must be the same as the pipeline timeout in `scanner-retag.yaml` - # timeout: 40m - - # - name: wait-for-scanner-db-image - # params: - # - name: IMAGE - # value: "$(params.scanner-db-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" - # taskRef: - # name: wait-for-image - # # This timeout must be the same as the pipeline timeout in `scanner-db-retag.yaml` - # timeout: 40m - - # - name: wait-for-scanner-slim-image - # params: - # - name: IMAGE - # value: "$(params.scanner-slim-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" - # taskRef: - # name: wait-for-image - # # This timeout must be the same as the pipeline timeout in `scanner-slim-retag.yaml` - # timeout: 40m - - # - name: wait-for-scanner-db-slim-image - # params: - # - name: IMAGE - # value: "$(params.scanner-db-slim-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" - # taskRef: - # name: wait-for-image - # # This timeout must be the same as the pipeline timeout in `scanner-db-slim-retag.yaml` - # timeout: 40m - - # - name: wait-for-scanner-v4-image - # params: - # - name: IMAGE - # value: "$(params.scanner-v4-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" - # taskRef: - # name: wait-for-image - # # This timeout must be the same as the pipeline timeout in `scanner-v4-build.yaml`. - # timeout: 1h10m - - # - name: wait-for-scanner-v4-db-image - # params: - # - name: IMAGE - # value: "$(params.scanner-v4-db-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" - # taskRef: - # name: wait-for-image - # # This timeout must be the same as the pipeline timeout in `scanner-v4-db-build.yaml`. - # timeout: 1h10m - - # - name: wait-for-collector-slim-image - # params: - # - name: IMAGE - # value: "$(params.collector-slim-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" - # taskRef: - # name: wait-for-image - # # The timeout must be the same as the pipeline timeout in `collector-slim-retag.yaml` - # timeout: 40m - - # - name: wait-for-collector-full-image - # params: - # - name: IMAGE - # value: "$(params.collector-full-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" - # taskRef: - # name: wait-for-image - # # The timeout must be the same as the pipeline timeout in `collector-full-retag.yaml` - # timeout: 40m - - # - name: wait-for-roxctl-image - # params: - # - name: IMAGE - # value: "$(params.roxctl-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" - # taskRef: - # name: wait-for-image - # # This timeout must be the same as the pipeline timeout in `roxctl-build.yaml`. - # timeout: 1h10m - - # - name: wait-for-central-db-image - # params: - # - name: IMAGE - # value: "$(params.central-db-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" - # taskRef: - # name: wait-for-image - # # This timeout must be the same as the pipeline timeout in `central-db-build.yaml`. - # timeout: 1h40m - - # - name: build-container - # params: - # - name: IMAGE - # # Note the operator bundle tag is prefixed with "v". - # value: $(params.output-image-repo):v$(tasks.determine-operator-image-tag.results.IMAGE_TAG) - # - name: DOCKERFILE - # value: $(params.dockerfile) - # - name: CONTEXT - # value: $(params.path-context) - # - name: HERMETIC - # value: $(params.hermetic) - # - name: PREFETCH_INPUT - # value: $(params.prefetch-input) - # - name: IMAGE_EXPIRES_AFTER - # value: $(params.image-expires-after) - # - name: COMMIT_SHA - # value: $(tasks.clone-repository.results.commit) - # - name: BUILD_ARGS - # value: - # - OPERATOR_IMAGE_TAG=$(tasks.determine-operator-image-tag.results.IMAGE_TAG) - # - OPERATOR_IMAGE_REF=$(params.operator-image-catalog-repo)@$(tasks.wait-for-operator-image.results.IMAGE_DIGEST) - # - RELATED_IMAGE_MAIN=$(params.main-image-catalog-repo)@$(tasks.wait-for-main-image.results.IMAGE_DIGEST) - # - RELATED_IMAGE_SCANNER=$(params.scanner-image-catalog-repo)@$(tasks.wait-for-scanner-image.results.IMAGE_DIGEST) - # - RELATED_IMAGE_SCANNER_DB=$(params.scanner-db-image-catalog-repo)@$(tasks.wait-for-scanner-db-image.results.IMAGE_DIGEST) - # - RELATED_IMAGE_SCANNER_SLIM=$(params.scanner-slim-image-catalog-repo)@$(tasks.wait-for-scanner-slim-image.results.IMAGE_DIGEST) - # - RELATED_IMAGE_SCANNER_DB_SLIM=$(params.scanner-db-slim-image-catalog-repo)@$(tasks.wait-for-scanner-db-slim-image.results.IMAGE_DIGEST) - # - RELATED_IMAGE_SCANNER_V4=$(params.scanner-v4-image-catalog-repo)@$(tasks.wait-for-scanner-v4-image.results.IMAGE_DIGEST) - # - RELATED_IMAGE_SCANNER_V4_DB=$(params.scanner-v4-db-image-catalog-repo)@$(tasks.wait-for-scanner-v4-db-image.results.IMAGE_DIGEST) - # - RELATED_IMAGE_COLLECTOR_SLIM=$(params.collector-slim-image-catalog-repo)@$(tasks.wait-for-collector-slim-image.results.IMAGE_DIGEST) - # - RELATED_IMAGE_COLLECTOR_FULL=$(params.collector-full-image-catalog-repo)@$(tasks.wait-for-collector-full-image.results.IMAGE_DIGEST) - # - RELATED_IMAGE_ROXCTL=$(params.roxctl-image-catalog-repo)@$(tasks.wait-for-roxctl-image.results.IMAGE_DIGEST) - # - RELATED_IMAGE_CENTRAL_DB=$(params.central-db-image-catalog-repo)@$(tasks.wait-for-central-db-image.results.IMAGE_DIGEST) - # - name: SOURCE_ARTIFACT - # value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - # - name: CACHI2_ARTIFACT - # value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) - # taskRef: - # params: - # - name: name - # value: buildah-oci-ta - # - name: bundle - # value: quay.io/konflux-ci/tekton-catalog/task-buildah-oci-ta:0.2@sha256:ea5f13f235f98e9f0da599439f0b62b729901a5b6ad8d673daf3821f3f9cb66f - # - name: kind - # value: task - # resolver: bundles - # when: - # - input: $(tasks.init.results.build) - # operator: in - # values: [ "true" ] - - # - name: apply-tags - # params: - # - name: IMAGE - # value: $(tasks.build-container.results.IMAGE_URL) - # - name: ADDITIONAL_TAGS - # value: - # - konflux-$(params.revision) - # taskRef: - # params: - # - name: name - # value: apply-tags - # - name: bundle - # value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.1@sha256:87fd7fc0e937aad1a8db9b6e377d7e444f53394dafde512d68adbea6966a4702 - # - name: kind - # value: task - # resolver: bundles - - # - name: build-source-image - # params: - # - name: BINARY_IMAGE - # value: $(tasks.build-container.results.IMAGE_URL) - # - name: SOURCE_ARTIFACT - # value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - # - name: CACHI2_ARTIFACT - # value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) - # taskRef: - # params: - # - name: name - # value: source-build-oci-ta - # - name: bundle - # value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.1@sha256:bd786bc1d33391bb169f98a1070d1a39e410b835f05fd0db0263754c65bd9bea - # - name: kind - # value: task - # resolver: bundles - # when: - # - input: $(tasks.init.results.build) - # operator: in - # values: [ "true" ] - # - input: $(params.build-source-image) - # operator: in - # values: [ "true" ] - - # - name: deprecated-base-image-check - # params: - # - name: IMAGE_URL - # value: $(tasks.build-container.results.IMAGE_URL) - # - name: IMAGE_DIGEST - # value: $(tasks.build-container.results.IMAGE_DIGEST) - # taskRef: - # params: - # - name: name - # value: deprecated-image-check - # - name: bundle - # value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.4@sha256:5a1a165fa02270f0a947d8a2131ee9d8be0b8e9d34123828c2bef589e504ee84 - # - name: kind - # value: task - # resolver: bundles - # when: - # - input: $(params.skip-checks) - # operator: in - # values: [ "false" ] - - # - name: clair-scan - # params: - # - name: image-digest - # value: $(tasks.build-container.results.IMAGE_DIGEST) - # - name: image-url - # value: $(tasks.build-container.results.IMAGE_URL) - # taskRef: - # params: - # - name: name - # value: clair-scan - # - name: bundle - # value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.2@sha256:0a5421111e7092740398691d5bd7c125cc0896f29531d19414bb5724ae41692a - # - name: kind - # value: task - # resolver: bundles - # when: - # - input: $(params.skip-checks) - # operator: in - # values: [ "false" ] - - # - name: sast-snyk-check - # params: - # - name: SOURCE_ARTIFACT - # value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - # - name: CACHI2_ARTIFACT - # value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) - # - name: image-digest - # value: $(tasks.build-container.results.IMAGE_DIGEST) - # - name: image-url - # value: $(tasks.build-container.results.IMAGE_URL) - # taskRef: - # params: - # - name: name - # value: sast-snyk-check-oci-ta - # - name: bundle - # value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.3@sha256:65a213322ea7c64159e37071d369d74b6378b23403150e29537865cada90f022 - # - name: kind - # value: task - # resolver: bundles - # when: - # - input: $(params.skip-checks) - # operator: in - # values: [ "false" ] - - # - name: clamav-scan - # params: - # - name: image-digest - # value: $(tasks.build-container.results.IMAGE_DIGEST) - # - name: image-url - # value: $(tasks.build-container.results.IMAGE_URL) - # taskRef: - # params: - # - name: name - # value: clamav-scan - # - name: bundle - # value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.1@sha256:b4f450f1447b166da671f1d5819ab5a1485083e5c27ab91f7d8b7a2ff994c8c2 - # - name: kind - # value: task - # resolver: bundles - # when: - # - input: $(params.skip-checks) - # operator: in - # values: [ "false" ] - - # - name: rpms-signature-scan - # params: - # - name: image-digest - # value: $(tasks.build-container.results.IMAGE_DIGEST) - # - name: image-url - # value: $(tasks.build-container.results.IMAGE_URL) - # taskRef: - # params: - # - name: name - # value: rpms-signature-scan - # - name: bundle - # value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:28aaf87d61078a0aeeeabcae455eda7d05c4f9b81d8995bdcf3dde95c1a7a77b - # - name: kind - # value: task - # resolver: bundles - # when: - # - input: $(params.skip-checks) - # operator: in - # values: ["false"] - - # - name: push-dockerfile - # params: - # - name: IMAGE - # value: $(tasks.build-container.results.IMAGE_URL) - # - name: IMAGE_DIGEST - # value: $(tasks.build-container.results.IMAGE_DIGEST) - # - name: DOCKERFILE - # value: $(params.dockerfile) - # - name: CONTEXT - # value: $(params.path-context) - # - name: SOURCE_ARTIFACT - # value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - # taskRef: - # params: - # - name: name - # value: push-dockerfile-oci-ta - # - name: bundle - # value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.1@sha256:80d48a1b9d2707490309941ec9f79338533938f959ca9a207b481b0e8a5e7a93 - # - name: kind - # value: task - # resolver: bundles - - name: create-acs-style-snapshot params: - name: SOURCE_ARTIFACT value: $(tasks.clone-repository.results.SOURCE_ARTIFACT) - name: IMAGE_REFS - # value: | - # [ - # { - # component: main, - # ref: $(params.main-image-build-repo)@$(tasks.wait-for-main-image.results.IMAGE_DIGEST) - # }, - # ] value: | [ { From 50a171e832fec89c269e9e25927b04e8d66e1939 Mon Sep 17 00:00:00 2001 From: Tom Martensen Date: Wed, 11 Dec 2024 14:35:35 +0100 Subject: [PATCH 03/92] skip --- .tekton/operator-bundle-pipeline.yaml | 44 +++++++++++++-------------- 1 file changed, 22 insertions(+), 22 deletions(-) diff --git a/.tekton/operator-bundle-pipeline.yaml b/.tekton/operator-bundle-pipeline.yaml index 0ce5f3d055e31..20794167c37fc 100644 --- a/.tekton/operator-bundle-pipeline.yaml +++ b/.tekton/operator-bundle-pipeline.yaml @@ -26,19 +26,19 @@ spec: value: task resolver: bundles - - name: show-sbom - params: - - name: IMAGE_URL - value: $(tasks.build-container.results.IMAGE_URL) - taskRef: - params: - - name: name - value: show-sbom - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1@sha256:945a7c9066d3e0a95d3fddb7e8a6992e4d632a2a75d8f3a9bd2ff2fef0ec9aa0 - - name: kind - value: task - resolver: bundles + # - name: show-sbom + # params: + # - name: IMAGE_URL + # value: $(tasks.build-container.results.IMAGE_URL) + # taskRef: + # params: + # - name: name + # value: show-sbom + # - name: bundle + # value: quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1@sha256:945a7c9066d3e0a95d3fddb7e8a6992e4d632a2a75d8f3a9bd2ff2fef0ec9aa0 + # - name: kind + # value: task + # resolver: bundles params: - description: Source Repository URL @@ -220,21 +220,21 @@ spec: default: "acs" results: - - description: "" - name: IMAGE_URL - value: $(tasks.build-container.results.IMAGE_URL) - - description: "" - name: IMAGE_DIGEST - value: $(tasks.build-container.results.IMAGE_DIGEST) + # - description: "" + # name: IMAGE_URL + # value: $(tasks.build-container.results.IMAGE_URL) + # - description: "" + # name: IMAGE_DIGEST + # value: $(tasks.build-container.results.IMAGE_DIGEST) - description: "" name: CHAINS-GIT_URL value: $(tasks.clone-repository.results.url) - description: "" name: CHAINS-GIT_COMMIT value: $(tasks.clone-repository.results.commit) - - description: "" - name: JAVA_COMMUNITY_DEPENDENCIES - value: $(tasks.build-container.results.JAVA_COMMUNITY_DEPENDENCIES) + # - description: "" + # name: JAVA_COMMUNITY_DEPENDENCIES + # value: $(tasks.build-container.results.JAVA_COMMUNITY_DEPENDENCIES) workspaces: - name: git-auth From 6093f1d3a789add6c6fd9fa3a3ed571ccc93e65f Mon Sep 17 00:00:00 2001 From: Tom Martensen Date: Wed, 11 Dec 2024 15:21:33 +0100 Subject: [PATCH 04/92] fix task --- .tekton/create-snapshot-task.yaml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/.tekton/create-snapshot-task.yaml b/.tekton/create-snapshot-task.yaml index acd97a6c75fd0..3bbf2d91304ca 100644 --- a/.tekton/create-snapshot-task.yaml +++ b/.tekton/create-snapshot-task.yaml @@ -12,6 +12,13 @@ spec: - name: IMAGE_REFS description: Image references. type: string + volumes: + - name: workdir + emptyDir: { } + stepTemplate: + volumeMounts: + - mountPath: /var/workdir + name: workdir steps: - name: use-trusted-artifact image: quay.io/redhat-appstudio/build-trusted-artifacts:latest@sha256:81c4864dae6bb11595f657be887e205262e70086a05ed16ada827fd6391926ac @@ -20,6 +27,7 @@ spec: - $(params.SOURCE_ARTIFACT)=/var/workdir/source - name: create-snapshot image: registry.access.redhat.com/ubi9/ubi:latest + workingDir: /var/workdir/source script: | #!/usr/bin/env bash set -euo pipefail From 4aea58787cb2addd7f35feb5e97f69f575696414 Mon Sep 17 00:00:00 2001 From: Tom Martensen Date: Wed, 11 Dec 2024 15:41:40 +0100 Subject: [PATCH 05/92] provide application programmatically --- .tekton/create-snapshot-task.yaml | 7 ++++++- .tekton/operator-bundle-pipeline.yaml | 5 +++++ 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/.tekton/create-snapshot-task.yaml b/.tekton/create-snapshot-task.yaml index 3bbf2d91304ca..cd98de224c70b 100644 --- a/.tekton/create-snapshot-task.yaml +++ b/.tekton/create-snapshot-task.yaml @@ -12,6 +12,9 @@ spec: - name: IMAGE_REFS description: Image references. type: string + - name: APPLICATION + description: Konflux application. + type: string volumes: - name: workdir emptyDir: { } @@ -34,4 +37,6 @@ spec: dnf -y upgrade --nobest dnf -y install jq - echo "$(params.IMAGE_REFS)" | jq + echo "$(params.IMAGE_REFS)" + + echo "Application: $(params.APPLICATION)" diff --git a/.tekton/operator-bundle-pipeline.yaml b/.tekton/operator-bundle-pipeline.yaml index 20794167c37fc..31da7effc3e17 100644 --- a/.tekton/operator-bundle-pipeline.yaml +++ b/.tekton/operator-bundle-pipeline.yaml @@ -297,6 +297,11 @@ spec: params: - name: SOURCE_ARTIFACT value: $(tasks.clone-repository.results.SOURCE_ARTIFACT) + - name: APPLICATION + valueFrom: + fieldRef: + fieldPath: metadata.labels['appstudio.openshift.io/application'] + - name: IMAGE_REFS value: | [ From 1fb983e212027e6682832aab1c36724a18755ced Mon Sep 17 00:00:00 2001 From: Tom Martensen Date: Wed, 11 Dec 2024 15:48:05 +0100 Subject: [PATCH 06/92] da --- .tekton/operator-bundle-pipeline.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/.tekton/operator-bundle-pipeline.yaml b/.tekton/operator-bundle-pipeline.yaml index 31da7effc3e17..414ea84fc979e 100644 --- a/.tekton/operator-bundle-pipeline.yaml +++ b/.tekton/operator-bundle-pipeline.yaml @@ -301,7 +301,6 @@ spec: valueFrom: fieldRef: fieldPath: metadata.labels['appstudio.openshift.io/application'] - - name: IMAGE_REFS value: | [ From a2ce33bf294650e44c450c965f54fee9472179a6 Mon Sep 17 00:00:00 2001 From: Tom Martensen Date: Wed, 11 Dec 2024 15:51:36 +0100 Subject: [PATCH 07/92] no type --- .tekton/create-snapshot-task.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/.tekton/create-snapshot-task.yaml b/.tekton/create-snapshot-task.yaml index cd98de224c70b..4c06472d74d67 100644 --- a/.tekton/create-snapshot-task.yaml +++ b/.tekton/create-snapshot-task.yaml @@ -14,7 +14,6 @@ spec: type: string - name: APPLICATION description: Konflux application. - type: string volumes: - name: workdir emptyDir: { } From 3c02cfe38a600289b9b3b546ee36f09024f36a98 Mon Sep 17 00:00:00 2001 From: Tom Martensen Date: Wed, 11 Dec 2024 15:53:06 +0100 Subject: [PATCH 08/92] on build level? --- .tekton/create-snapshot-task.yaml | 1 + .tekton/operator-bundle-build.yaml | 4 +++- .tekton/operator-bundle-pipeline.yaml | 5 +---- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.tekton/create-snapshot-task.yaml b/.tekton/create-snapshot-task.yaml index 4c06472d74d67..cd98de224c70b 100644 --- a/.tekton/create-snapshot-task.yaml +++ b/.tekton/create-snapshot-task.yaml @@ -14,6 +14,7 @@ spec: type: string - name: APPLICATION description: Konflux application. + type: string volumes: - name: workdir emptyDir: { } diff --git a/.tekton/operator-bundle-build.yaml b/.tekton/operator-bundle-build.yaml index 0948fe856408b..12b67c442def5 100644 --- a/.tekton/operator-bundle-build.yaml +++ b/.tekton/operator-bundle-build.yaml @@ -57,7 +57,9 @@ spec: - name: clone-fetch-tags value: 'true' - name: application - value: 'acs' + valueFrom: + fieldRef: + fieldPath: metadata.labels['appstudio.openshift.io/application'] workspaces: - name: git-auth diff --git a/.tekton/operator-bundle-pipeline.yaml b/.tekton/operator-bundle-pipeline.yaml index 414ea84fc979e..3bd68e18fa675 100644 --- a/.tekton/operator-bundle-pipeline.yaml +++ b/.tekton/operator-bundle-pipeline.yaml @@ -217,7 +217,6 @@ spec: - name: application description: Name of the Konflux application that the bundle is created for to use in snapshot. type: string - default: "acs" results: # - description: "" @@ -298,9 +297,7 @@ spec: - name: SOURCE_ARTIFACT value: $(tasks.clone-repository.results.SOURCE_ARTIFACT) - name: APPLICATION - valueFrom: - fieldRef: - fieldPath: metadata.labels['appstudio.openshift.io/application'] + value: $(params.application) - name: IMAGE_REFS value: | [ From 06b3f34add69f1d05e2a0014a04685ef497693ed Mon Sep 17 00:00:00 2001 From: Tom Martensen Date: Wed, 11 Dec 2024 15:58:08 +0100 Subject: [PATCH 09/92] like this --- .tekton/create-snapshot-task.yaml | 10 ++++++---- .tekton/operator-bundle-build.yaml | 4 ---- .tekton/operator-bundle-pipeline.yaml | 6 ------ 3 files changed, 6 insertions(+), 14 deletions(-) diff --git a/.tekton/create-snapshot-task.yaml b/.tekton/create-snapshot-task.yaml index cd98de224c70b..cb5f0cc329760 100644 --- a/.tekton/create-snapshot-task.yaml +++ b/.tekton/create-snapshot-task.yaml @@ -12,9 +12,6 @@ spec: - name: IMAGE_REFS description: Image references. type: string - - name: APPLICATION - description: Konflux application. - type: string volumes: - name: workdir emptyDir: { } @@ -31,6 +28,11 @@ spec: - name: create-snapshot image: registry.access.redhat.com/ubi9/ubi:latest workingDir: /var/workdir/source + env: + - name: APPLICATION + valueFrom: + fieldRef: + fieldPath: metadata.labels['appstudio.openshift.io/application'] script: | #!/usr/bin/env bash set -euo pipefail @@ -39,4 +41,4 @@ spec: echo "$(params.IMAGE_REFS)" - echo "Application: $(params.APPLICATION)" + echo "Application: ${APPLICATION}" diff --git a/.tekton/operator-bundle-build.yaml b/.tekton/operator-bundle-build.yaml index 12b67c442def5..6a01a791758db 100644 --- a/.tekton/operator-bundle-build.yaml +++ b/.tekton/operator-bundle-build.yaml @@ -56,10 +56,6 @@ spec: value: '0' - name: clone-fetch-tags value: 'true' - - name: application - valueFrom: - fieldRef: - fieldPath: metadata.labels['appstudio.openshift.io/application'] workspaces: - name: git-auth diff --git a/.tekton/operator-bundle-pipeline.yaml b/.tekton/operator-bundle-pipeline.yaml index 3bd68e18fa675..573553fee99cc 100644 --- a/.tekton/operator-bundle-pipeline.yaml +++ b/.tekton/operator-bundle-pipeline.yaml @@ -214,10 +214,6 @@ spec: type: string default: "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8" - - name: application - description: Name of the Konflux application that the bundle is created for to use in snapshot. - type: string - results: # - description: "" # name: IMAGE_URL @@ -296,8 +292,6 @@ spec: params: - name: SOURCE_ARTIFACT value: $(tasks.clone-repository.results.SOURCE_ARTIFACT) - - name: APPLICATION - value: $(params.application) - name: IMAGE_REFS value: | [ From a59fae42ebf02ac311e05d6b27d0f1030b43589c Mon Sep 17 00:00:00 2001 From: Tom Martensen Date: Thu, 12 Dec 2024 10:39:53 +0100 Subject: [PATCH 10/92] snapshot template --- .tekton/create-snapshot-task.yaml | 21 +++++++++++++++++++-- .tekton/operator-bundle-pipeline.yaml | 8 +++++--- 2 files changed, 24 insertions(+), 5 deletions(-) diff --git a/.tekton/create-snapshot-task.yaml b/.tekton/create-snapshot-task.yaml index cb5f0cc329760..5c195a635dcda 100644 --- a/.tekton/create-snapshot-task.yaml +++ b/.tekton/create-snapshot-task.yaml @@ -39,6 +39,23 @@ spec: dnf -y upgrade --nobest dnf -y install jq - echo "$(params.IMAGE_REFS)" + echo "$(params.IMAGE_REFS)" | jq - echo "Application: ${APPLICATION}" + cat < snapshot-template.json + { + "apiVersion": "appstudio.redhat.com/v1alpha1", + "kind": "Snapshot", + "metadata": { + "name": "tm-$(date +%s)" + }, + { + "spec": { + "application": "${APPLICATION}", + "components": [] + } + } + } + + cat snapshot-template.json + + jq . snapshot-template.json diff --git a/.tekton/operator-bundle-pipeline.yaml b/.tekton/operator-bundle-pipeline.yaml index 573553fee99cc..1be9bae786f3d 100644 --- a/.tekton/operator-bundle-pipeline.yaml +++ b/.tekton/operator-bundle-pipeline.yaml @@ -296,9 +296,11 @@ spec: value: | [ { - component: scanner-slim, - ref: quay.io/rhacs-eng/scanner-slim@sha256:7b8e00ffbad318ff0aca32ba484eaf9493335d26195938704fb25efc73d36302 - }, + "component": "scanner-v4-4-6", + "ref": "quay.io/rhacs-eng/scanner-v4@sha256:c2ada6227ad865379387ddfdfaa91d281898aaf59d39c898246b700638b4d585", + "repository": "$(params.git-url)", + "revision": "$(params.revision)" + } ] taskRef: name: create-snapshot From b5ad1544287ec95207a3330ff425317e21e0b27f Mon Sep 17 00:00:00 2001 From: Tom Martensen Date: Thu, 12 Dec 2024 10:44:42 +0100 Subject: [PATCH 11/92] create-snapshot --- .tekton/create-snapshot-task.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.tekton/create-snapshot-task.yaml b/.tekton/create-snapshot-task.yaml index 5c195a635dcda..def1c3a06d806 100644 --- a/.tekton/create-snapshot-task.yaml +++ b/.tekton/create-snapshot-task.yaml @@ -39,6 +39,9 @@ spec: dnf -y upgrade --nobest dnf -y install jq + + echo "$(params.IMAGE_REFS)" + echo "$(params.IMAGE_REFS)" | jq cat < snapshot-template.json From 0adccf3a247146c92360e48c3b9247cd6a35309a Mon Sep 17 00:00:00 2001 From: Tom Martensen Date: Thu, 12 Dec 2024 10:51:24 +0100 Subject: [PATCH 12/92] btter debug --- .tekton/create-snapshot-task.yaml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/.tekton/create-snapshot-task.yaml b/.tekton/create-snapshot-task.yaml index def1c3a06d806..0ec9d5633c0ec 100644 --- a/.tekton/create-snapshot-task.yaml +++ b/.tekton/create-snapshot-task.yaml @@ -35,13 +35,15 @@ spec: fieldPath: metadata.labels['appstudio.openshift.io/application'] script: | #!/usr/bin/env bash - set -euo pipefail + set -exuo pipefail dnf -y upgrade --nobest dnf -y install jq + echo "--- direct ---" echo "$(params.IMAGE_REFS)" + echo "--- with jq ---" echo "$(params.IMAGE_REFS)" | jq cat < snapshot-template.json @@ -59,6 +61,8 @@ spec: } } + echo "--- direct ---" cat snapshot-template.json - jq . snapshot-template.json + echo "--- with jq ---" + cat snapshot-template.json | jq From 5f11bd19dfb891d19cd75932e3ff34ee9306f4cd Mon Sep 17 00:00:00 2001 From: Tom Martensen Date: Thu, 12 Dec 2024 10:57:21 +0100 Subject: [PATCH 13/92] oi --- .tekton/create-snapshot-task.yaml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.tekton/create-snapshot-task.yaml b/.tekton/create-snapshot-task.yaml index 0ec9d5633c0ec..f4c7c166a055c 100644 --- a/.tekton/create-snapshot-task.yaml +++ b/.tekton/create-snapshot-task.yaml @@ -41,10 +41,11 @@ spec: echo "--- direct ---" - echo "$(params.IMAGE_REFS)" + echo "$(params.IMAGE_REFS)" > image-refs.json + cat image-refs.json echo "--- with jq ---" - echo "$(params.IMAGE_REFS)" | jq + cat image-refs.json | jq cat < snapshot-template.json { From 3601bcb66ce40fcb19368bd443aaa42d16051c9a Mon Sep 17 00:00:00 2001 From: Tom Martensen Date: Thu, 12 Dec 2024 11:02:40 +0100 Subject: [PATCH 14/92] template --- .tekton/create-snapshot-task.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.tekton/create-snapshot-task.yaml b/.tekton/create-snapshot-task.yaml index f4c7c166a055c..ed374db94b658 100644 --- a/.tekton/create-snapshot-task.yaml +++ b/.tekton/create-snapshot-task.yaml @@ -40,12 +40,12 @@ spec: dnf -y install jq - echo "--- direct ---" - echo "$(params.IMAGE_REFS)" > image-refs.json - cat image-refs.json + # echo "--- direct ---" + # echo "$(params.IMAGE_REFS)" > image-refs.json + # cat image-refs.json - echo "--- with jq ---" - cat image-refs.json | jq + # echo "--- with jq ---" + # echo "$(params.IMAGE_REFS)" | jq cat < snapshot-template.json { From e947eec7b13d342253e843cfe59ccc8e0ebb31c1 Mon Sep 17 00:00:00 2001 From: Tom Martensen Date: Thu, 12 Dec 2024 11:10:58 +0100 Subject: [PATCH 15/92] stuff --- .tekton/create-snapshot-task.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.tekton/create-snapshot-task.yaml b/.tekton/create-snapshot-task.yaml index ed374db94b658..00c22ae236914 100644 --- a/.tekton/create-snapshot-task.yaml +++ b/.tekton/create-snapshot-task.yaml @@ -61,6 +61,7 @@ spec: } } } + EOF echo "--- direct ---" cat snapshot-template.json From 6d46a2c80dad32a8279bfa2bd511e6a7259fbd22 Mon Sep 17 00:00:00 2001 From: Tom Martensen Date: Thu, 12 Dec 2024 11:13:49 +0100 Subject: [PATCH 16/92] h --- .tekton/create-snapshot-task.yaml | 8 -------- 1 file changed, 8 deletions(-) diff --git a/.tekton/create-snapshot-task.yaml b/.tekton/create-snapshot-task.yaml index 00c22ae236914..b931a564a1401 100644 --- a/.tekton/create-snapshot-task.yaml +++ b/.tekton/create-snapshot-task.yaml @@ -39,14 +39,6 @@ spec: dnf -y upgrade --nobest dnf -y install jq - - # echo "--- direct ---" - # echo "$(params.IMAGE_REFS)" > image-refs.json - # cat image-refs.json - - # echo "--- with jq ---" - # echo "$(params.IMAGE_REFS)" | jq - cat < snapshot-template.json { "apiVersion": "appstudio.redhat.com/v1alpha1", From 667ca91d4db923b30cc08e7ad784be3ff1c1fbb8 Mon Sep 17 00:00:00 2001 From: Tom Martensen Date: Thu, 12 Dec 2024 11:19:47 +0100 Subject: [PATCH 17/92] lala --- .tekton/create-snapshot-task.yaml | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/.tekton/create-snapshot-task.yaml b/.tekton/create-snapshot-task.yaml index b931a564a1401..c2fbb97713c66 100644 --- a/.tekton/create-snapshot-task.yaml +++ b/.tekton/create-snapshot-task.yaml @@ -46,11 +46,9 @@ spec: "metadata": { "name": "tm-$(date +%s)" }, - { - "spec": { - "application": "${APPLICATION}", - "components": [] - } + "spec": { + "application": "${APPLICATION}", + "components": [] } } EOF From 4c0936759dab4ef463edb21eba217a3f64a2503e Mon Sep 17 00:00:00 2001 From: Tom Martensen Date: Thu, 12 Dec 2024 12:16:06 +0100 Subject: [PATCH 18/92] rewrite in python --- .tekton/create-snapshot-task.yaml | 66 ++++++++++++++++++++----------- 1 file changed, 44 insertions(+), 22 deletions(-) diff --git a/.tekton/create-snapshot-task.yaml b/.tekton/create-snapshot-task.yaml index c2fbb97713c66..546f34ae2e00a 100644 --- a/.tekton/create-snapshot-task.yaml +++ b/.tekton/create-snapshot-task.yaml @@ -25,7 +25,7 @@ spec: args: - use - $(params.SOURCE_ARTIFACT)=/var/workdir/source - - name: create-snapshot + - name: render-snapshot image: registry.access.redhat.com/ubi9/ubi:latest workingDir: /var/workdir/source env: @@ -33,28 +33,50 @@ spec: valueFrom: fieldRef: fieldPath: metadata.labels['appstudio.openshift.io/application'] + - name: IMAGE_REFS + value: $(params.IMAGE_REFS) script: | - #!/usr/bin/env bash - set -exuo pipefail - dnf -y upgrade --nobest - dnf -y install jq - - cat < snapshot-template.json - { - "apiVersion": "appstudio.redhat.com/v1alpha1", - "kind": "Snapshot", - "metadata": { - "name": "tm-$(date +%s)" - }, - "spec": { - "application": "${APPLICATION}", - "components": [] + #!/usr/bin/env python3 + + import json + import os + + + def load_image_refs(): + return json.loads(os.getenv("IMAGE_REFS", "[]")) + + + def construct_snapshot(snapshot_name, application, components): + return { + "apiVersion": "appstudio.redhat.com/v1alpha1", + "kind": "Snapshot", + "metadata": { + "name": snapshot_name + }, + "spec": { + "application": application, + "components": components + } } - } - EOF - echo "--- direct ---" - cat snapshot-template.json - echo "--- with jq ---" - cat snapshot-template.json | jq + if __name__ == '__main__': + components = load_image_refs() + snapshot = construct_snapshot( + "tm-acs-4-6-0", + os.getenv("APPLICATION", ""), + components + ) + + print("Snapshot:", snapshot) + + with open("snapshot.json", "w") as f: + json.dump(snapshot, f) + + - name: apply-snapshot + image: registry.access.redhat.com/ubi9/ubi:latest + workingDir: /var/workdir/source + script: | + #!/usr/bin/env bash + + cat snapshot.json | jq From c5c2ff061532ac7f0e53fedb035db03fab10a89f Mon Sep 17 00:00:00 2001 From: Tom Martensen Date: Thu, 12 Dec 2024 13:06:02 +0100 Subject: [PATCH 19/92] correctly build snapshot --- .tekton/create-snapshot-task.yaml | 60 ++++++++++++++++++++----------- 1 file changed, 39 insertions(+), 21 deletions(-) diff --git a/.tekton/create-snapshot-task.yaml b/.tekton/create-snapshot-task.yaml index 546f34ae2e00a..38ea783a6b05e 100644 --- a/.tekton/create-snapshot-task.yaml +++ b/.tekton/create-snapshot-task.yaml @@ -38,40 +38,54 @@ spec: script: | #!/usr/bin/env python3 - import json import os + import json def load_image_refs(): - return json.loads(os.getenv("IMAGE_REFS", "[]")) + return json.loads(os.getenv("IMAGE_REFS", "[]")) + + + def process_component(component): + return { + "containerImage": component["ref"], + "name": component["component"], + "source": { + "git": { + "revision": component["revision"], + "url": component["repository"] + } + } + } def construct_snapshot(snapshot_name, application, components): - return { - "apiVersion": "appstudio.redhat.com/v1alpha1", - "kind": "Snapshot", - "metadata": { - "name": snapshot_name - }, - "spec": { - "application": application, - "components": components + return { + "apiVersion": "appstudio.redhat.com/v1alpha1", + "kind": "Snapshot", + "metadata": { + "name": snapshot_name + }, + "spec": { + "application": application, + "components": components + } } - } if __name__ == '__main__': - components = load_image_refs() - snapshot = construct_snapshot( - "tm-acs-4-6-0", - os.getenv("APPLICATION", ""), - components - ) + image_refs = load_image_refs() + components = [process_component(c) for c in image_refs] + snapshot = construct_snapshot( + "tm-acs-4-6-0", + os.getenv("APPLICATION", ""), + components + ) - print("Snapshot:", snapshot) + print("Snapshot:", snapshot) - with open("snapshot.json", "w") as f: - json.dump(snapshot, f) + with open("snapshot.json", "w") as f: + json.dump(snapshot, f) - name: apply-snapshot image: registry.access.redhat.com/ubi9/ubi:latest @@ -79,4 +93,8 @@ spec: script: | #!/usr/bin/env bash + set -euo pipefail + dnf -y upgrade --nobest + dnf -y install jq + cat snapshot.json | jq From ec79401e7ca8aaf7cc4d404d34e92685f5e655bf Mon Sep 17 00:00:00 2001 From: Tom Martensen Date: Thu, 12 Dec 2024 13:28:43 +0100 Subject: [PATCH 20/92] apply the snapshot --- .tekton/create-snapshot-task.yaml | 19 +++++++++---------- .tekton/operator-bundle-pipeline.yaml | 10 ++++++++-- 2 files changed, 17 insertions(+), 12 deletions(-) diff --git a/.tekton/create-snapshot-task.yaml b/.tekton/create-snapshot-task.yaml index 38ea783a6b05e..7f946ca608390 100644 --- a/.tekton/create-snapshot-task.yaml +++ b/.tekton/create-snapshot-task.yaml @@ -38,8 +38,9 @@ spec: script: | #!/usr/bin/env python3 - import os import json + import os + import time def load_image_refs(): @@ -59,7 +60,8 @@ spec: } - def construct_snapshot(snapshot_name, application, components): + def construct_snapshot(snapshot_name_prefix, application, components): + snapshot_name = snapshot_name_prefix + "-" + int(time.time()) return { "apiVersion": "appstudio.redhat.com/v1alpha1", "kind": "Snapshot", @@ -74,11 +76,12 @@ spec: if __name__ == '__main__': + application = os.getenv("APPLICATION", "") image_refs = load_image_refs() components = [process_component(c) for c in image_refs] snapshot = construct_snapshot( - "tm-acs-4-6-0", - os.getenv("APPLICATION", ""), + f"tm-{application}", + application, components ) @@ -88,13 +91,9 @@ spec: json.dump(snapshot, f) - name: apply-snapshot - image: registry.access.redhat.com/ubi9/ubi:latest + image: registry.redhat.io/openshift4/ose-cli@sha256:4d58b5a47a84f843e646c5272e32b2dbefac67fd56e283cb60635d792e6348f9 workingDir: /var/workdir/source script: | #!/usr/bin/env bash - set -euo pipefail - dnf -y upgrade --nobest - dnf -y install jq - - cat snapshot.json | jq + oc apply -f snapshot.json diff --git a/.tekton/operator-bundle-pipeline.yaml b/.tekton/operator-bundle-pipeline.yaml index 1be9bae786f3d..24ec12c482931 100644 --- a/.tekton/operator-bundle-pipeline.yaml +++ b/.tekton/operator-bundle-pipeline.yaml @@ -296,8 +296,14 @@ spec: value: | [ { - "component": "scanner-v4-4-6", - "ref": "quay.io/rhacs-eng/scanner-v4@sha256:c2ada6227ad865379387ddfdfaa91d281898aaf59d39c898246b700638b4d585", + "component": "stackrox-operator", + "ref": "$(params.operator-image-build-repo)@sha256:22650fb5e066b6b4297494bda1b03e2d1d691dd7017d0ec043dec1f07c5930da", + "repository": "$(params.git-url)", + "revision": "$(params.revision)" + }, + { + "component": "main", + "containerImage": "$(params.main-image-build-repo)@sha256:803d57f11ae1a718e1a1298a03f6377a383e058cb15cbeff631129c30dea0809" "repository": "$(params.git-url)", "revision": "$(params.revision)" } From fd62ffd19180cabb394c728652892c71984e996d Mon Sep 17 00:00:00 2001 From: Tom Martensen Date: Thu, 12 Dec 2024 13:33:09 +0100 Subject: [PATCH 21/92] fix comma --- .tekton/operator-bundle-pipeline.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.tekton/operator-bundle-pipeline.yaml b/.tekton/operator-bundle-pipeline.yaml index 24ec12c482931..058dab42e52d3 100644 --- a/.tekton/operator-bundle-pipeline.yaml +++ b/.tekton/operator-bundle-pipeline.yaml @@ -303,7 +303,7 @@ spec: }, { "component": "main", - "containerImage": "$(params.main-image-build-repo)@sha256:803d57f11ae1a718e1a1298a03f6377a383e058cb15cbeff631129c30dea0809" + "containerImage": "$(params.main-image-build-repo)@sha256:803d57f11ae1a718e1a1298a03f6377a383e058cb15cbeff631129c30dea0809", "repository": "$(params.git-url)", "revision": "$(params.revision)" } From cb0f158ec0748a28d3fcb6fdc4d1105f74b3f3a3 Mon Sep 17 00:00:00 2001 From: Tom Martensen Date: Thu, 12 Dec 2024 13:36:43 +0100 Subject: [PATCH 22/92] fix --- .tekton/operator-bundle-pipeline.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.tekton/operator-bundle-pipeline.yaml b/.tekton/operator-bundle-pipeline.yaml index 058dab42e52d3..e6480cf326ee1 100644 --- a/.tekton/operator-bundle-pipeline.yaml +++ b/.tekton/operator-bundle-pipeline.yaml @@ -303,7 +303,7 @@ spec: }, { "component": "main", - "containerImage": "$(params.main-image-build-repo)@sha256:803d57f11ae1a718e1a1298a03f6377a383e058cb15cbeff631129c30dea0809", + "ref": "$(params.main-image-build-repo)@sha256:803d57f11ae1a718e1a1298a03f6377a383e058cb15cbeff631129c30dea0809", "repository": "$(params.git-url)", "revision": "$(params.revision)" } From 1ad2a65c9bd36d5eb397aab147d2bf880f5fc2b9 Mon Sep 17 00:00:00 2001 From: Tom Martensen Date: Thu, 12 Dec 2024 13:40:50 +0100 Subject: [PATCH 23/92] fix formatting --- .tekton/create-snapshot-task.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.tekton/create-snapshot-task.yaml b/.tekton/create-snapshot-task.yaml index 7f946ca608390..0b2ca63332c7d 100644 --- a/.tekton/create-snapshot-task.yaml +++ b/.tekton/create-snapshot-task.yaml @@ -61,7 +61,7 @@ spec: def construct_snapshot(snapshot_name_prefix, application, components): - snapshot_name = snapshot_name_prefix + "-" + int(time.time()) + snapshot_name = f"{snapshot_name_prefix}-{int(time.time())}" return { "apiVersion": "appstudio.redhat.com/v1alpha1", "kind": "Snapshot", From 07ed2c18b1b4193684fdec5c914d5c826b6e05b7 Mon Sep 17 00:00:00 2001 From: Tom Martensen Date: Thu, 12 Dec 2024 16:49:20 +0100 Subject: [PATCH 24/92] refactor to script and rolebinding --- .konflux/scripts/render_snapshot.py | 53 ++++++++++++++++++++++++ .tekton/create-snapshot-task.yaml | 63 ++--------------------------- 2 files changed, 56 insertions(+), 60 deletions(-) create mode 100644 .konflux/scripts/render_snapshot.py diff --git a/.konflux/scripts/render_snapshot.py b/.konflux/scripts/render_snapshot.py new file mode 100644 index 0000000000000..da1bc54aa468c --- /dev/null +++ b/.konflux/scripts/render_snapshot.py @@ -0,0 +1,53 @@ +#!/usr/bin/env python3 + +import json +import os +import time + + +def load_image_refs(): + return json.loads(os.getenv("IMAGE_REFS", "[]")) + + +def process_component(component): + return { + "containerImage": component["ref"], + "name": component["component"], + "source": { + "git": { + "revision": component["revision"], + "url": component["repository"] + } + } + } + + +def construct_snapshot(snapshot_name_prefix, application, components): + snapshot_name = f"{snapshot_name_prefix}-{int(time.time())}" + return { + "apiVersion": "appstudio.redhat.com/v1alpha1", + "kind": "Snapshot", + "metadata": { + "name": snapshot_name + }, + "spec": { + "application": application, + "components": components + } + } + + +if __name__ == '__main__': + application = os.getenv("APPLICATION", "") + image_refs = load_image_refs() + components = [process_component(c) for c in image_refs] + snapshot = construct_snapshot( + f"tm-{application}", + application, + components + ) + + print("Snapshot:", snapshot) + + with open("snapshot.json", "w") as f: + json.dump(snapshot, f) diff --git a/.tekton/create-snapshot-task.yaml b/.tekton/create-snapshot-task.yaml index 0b2ca63332c7d..6d7f9d04cadc5 100644 --- a/.tekton/create-snapshot-task.yaml +++ b/.tekton/create-snapshot-task.yaml @@ -25,8 +25,8 @@ spec: args: - use - $(params.SOURCE_ARTIFACT)=/var/workdir/source - - name: render-snapshot - image: registry.access.redhat.com/ubi9/ubi:latest + - name: create-snapshot + image: registry.redhat.io/openshift4/ose-cli@sha256:4d58b5a47a84f843e646c5272e32b2dbefac67fd56e283cb60635d792e6348f9 workingDir: /var/workdir/source env: - name: APPLICATION @@ -35,65 +35,8 @@ spec: fieldPath: metadata.labels['appstudio.openshift.io/application'] - name: IMAGE_REFS value: $(params.IMAGE_REFS) - script: | - #!/usr/bin/env python3 - - import json - import os - import time - - - def load_image_refs(): - return json.loads(os.getenv("IMAGE_REFS", "[]")) - - - def process_component(component): - return { - "containerImage": component["ref"], - "name": component["component"], - "source": { - "git": { - "revision": component["revision"], - "url": component["repository"] - } - } - } - - - def construct_snapshot(snapshot_name_prefix, application, components): - snapshot_name = f"{snapshot_name_prefix}-{int(time.time())}" - return { - "apiVersion": "appstudio.redhat.com/v1alpha1", - "kind": "Snapshot", - "metadata": { - "name": snapshot_name - }, - "spec": { - "application": application, - "components": components - } - } - - - if __name__ == '__main__': - application = os.getenv("APPLICATION", "") - image_refs = load_image_refs() - components = [process_component(c) for c in image_refs] - snapshot = construct_snapshot( - f"tm-{application}", - application, - components - ) - - print("Snapshot:", snapshot) - - with open("snapshot.json", "w") as f: - json.dump(snapshot, f) - - - name: apply-snapshot - image: registry.redhat.io/openshift4/ose-cli@sha256:4d58b5a47a84f843e646c5272e32b2dbefac67fd56e283cb60635d792e6348f9 - workingDir: /var/workdir/source script: | #!/usr/bin/env bash + .konflux/scripts/render_snapshot.py oc apply -f snapshot.json From e2335d4443c4afb2f36381eb8365889ab02079b2 Mon Sep 17 00:00:00 2001 From: Tom Martensen Date: Thu, 12 Dec 2024 16:52:22 +0100 Subject: [PATCH 25/92] fix permissions --- .konflux/scripts/render_snapshot.py | 0 1 file changed, 0 insertions(+), 0 deletions(-) mode change 100644 => 100755 .konflux/scripts/render_snapshot.py diff --git a/.konflux/scripts/render_snapshot.py b/.konflux/scripts/render_snapshot.py old mode 100644 new mode 100755 From 839e103d7c02bc51525e29cf68cf85be23db5d39 Mon Sep 17 00:00:00 2001 From: Tom Martensen Date: Fri, 13 Dec 2024 13:47:45 +0100 Subject: [PATCH 26/92] read git-ref/scanner from image --- .konflux/scripts/render_snapshot.py | 17 ++++++++++---- .tekton/create-snapshot-task.yaml | 2 +- .tekton/operator-bundle-pipeline.yaml | 34 +++++++++++++++++++-------- .tekton/wait-for-image-task.yaml | 18 ++++++++++++++ 4 files changed, 56 insertions(+), 15 deletions(-) diff --git a/.konflux/scripts/render_snapshot.py b/.konflux/scripts/render_snapshot.py index da1bc54aa468c..0cac8bb2b87ee 100755 --- a/.konflux/scripts/render_snapshot.py +++ b/.konflux/scripts/render_snapshot.py @@ -6,13 +6,17 @@ def load_image_refs(): - return json.loads(os.getenv("IMAGE_REFS", "[]")) + return json.loads(os.getenv("IMAGE_REFS", '[{"component": "scanner", "ref": "", "revision": "", "repository": ""}]')) -def process_component(component): +def process_component(component, name_suffix): + if name_suffix != "": + name = f"{component["component"]}-{name_suffix}" + else: + name = component["component"] return { "containerImage": component["ref"], - "name": component["component"], + "name": name, "source": { "git": { "revision": component["revision"], @@ -37,10 +41,15 @@ def construct_snapshot(snapshot_name_prefix, application, components): } +def determine_component_name_suffix(application): + return application.lstrip("acs-") + + if __name__ == '__main__': application = os.getenv("APPLICATION", "") image_refs = load_image_refs() - components = [process_component(c) for c in image_refs] + name_suffix = determine_component_name_suffix(application) + components = [process_component(c, name_suffix) for c in image_refs] snapshot = construct_snapshot( f"tm-{application}", application, diff --git a/.tekton/create-snapshot-task.yaml b/.tekton/create-snapshot-task.yaml index 6d7f9d04cadc5..6453d5f916b38 100644 --- a/.tekton/create-snapshot-task.yaml +++ b/.tekton/create-snapshot-task.yaml @@ -39,4 +39,4 @@ spec: #!/usr/bin/env bash .konflux/scripts/render_snapshot.py - oc apply -f snapshot.json + oc create -f snapshot.json diff --git a/.tekton/operator-bundle-pipeline.yaml b/.tekton/operator-bundle-pipeline.yaml index e6480cf326ee1..c3ae6fac176e8 100644 --- a/.tekton/operator-bundle-pipeline.yaml +++ b/.tekton/operator-bundle-pipeline.yaml @@ -288,6 +288,26 @@ spec: - name: basic-auth workspace: git-auth + - name: determine-main-image-tag + params: + - name: TAG_SUFFIX + value: $(params.output-tag-suffix) + - name: SOURCE_ARTIFACT + value: $(tasks.clone-repository.results.SOURCE_ARTIFACT) + - name: MAKEFILE_DIRECTORY + value: "." + taskRef: + name: determine-image-tag + + - name: wait-for-scanner-image + params: + - name: IMAGE + value: "$(params.scanner-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" + taskRef: + name: wait-for-image + # This timeout must be the same as the pipeline timeout in `scanner-retag.yaml` + timeout: 40m + - name: create-acs-style-snapshot params: - name: SOURCE_ARTIFACT @@ -296,16 +316,10 @@ spec: value: | [ { - "component": "stackrox-operator", - "ref": "$(params.operator-image-build-repo)@sha256:22650fb5e066b6b4297494bda1b03e2d1d691dd7017d0ec043dec1f07c5930da", - "repository": "$(params.git-url)", - "revision": "$(params.revision)" - }, - { - "component": "main", - "ref": "$(params.main-image-build-repo)@sha256:803d57f11ae1a718e1a1298a03f6377a383e058cb15cbeff631129c30dea0809", - "repository": "$(params.git-url)", - "revision": "$(params.revision)" + "component": "scanner", + "ref": "$(params.scanner-image-build-repo)@$(tasks.wait-for-scanner-image.results.IMAGE_DIGEST)", + "repository": "$(tasks.wait-for-scanner-image.results.GIT_REPO)", + "revision": "$(tasks.wait-for-scanner-image.results.GIT_REF)" } ] taskRef: diff --git a/.tekton/wait-for-image-task.yaml b/.tekton/wait-for-image-task.yaml index 176d3d28d288d..485e4f5e241e4 100644 --- a/.tekton/wait-for-image-task.yaml +++ b/.tekton/wait-for-image-task.yaml @@ -10,6 +10,10 @@ spec: description: Image reference. type: string results: + - name: GIT_REF + description: Git commit for the image's source code if provided as `vcs-ref` image label. + - name: GIT_REPO + description: Git repository URL for the image's source code if provided as `source-location` image label. - name: IMAGE_DIGEST description: Image digest in the format `sha256:abcdef0123`. steps: @@ -36,3 +40,17 @@ spec: --no-tags \ "docker://$(params.IMAGE)")" echo -n "$digest" | tee "$(results.IMAGE_DIGEST.path)" + + git_ref="$(skopeo inspect \ + --retry-times 10 \ + --format '{{ index .Labels "vcs-ref" }}')" \ + --no-tags + "docker://$(params.image)")" + echo -n "$git_ref" | tee "$(results.GIT_REF.path)" + + git_repo="$(skopeo inspect \ + --retry-times 10 \ + --format '{{ index .Labels "source-location" }}')" \ + --no-tags + "docker://$(params.image)")" + echo -n "$git_repo" | tee "$(results.GIT_REPO.path)" From b855af2db9adc9932cb7cdeadbb4bc796ce79f0d Mon Sep 17 00:00:00 2001 From: Tom Martensen Date: Fri, 13 Dec 2024 14:15:20 +0100 Subject: [PATCH 27/92] fix wait-for-image task --- .tekton/wait-for-image-task.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.tekton/wait-for-image-task.yaml b/.tekton/wait-for-image-task.yaml index 485e4f5e241e4..6b68ebc159078 100644 --- a/.tekton/wait-for-image-task.yaml +++ b/.tekton/wait-for-image-task.yaml @@ -45,12 +45,12 @@ spec: --retry-times 10 \ --format '{{ index .Labels "vcs-ref" }}')" \ --no-tags - "docker://$(params.image)")" + "docker://$(params.IMAGE)")" echo -n "$git_ref" | tee "$(results.GIT_REF.path)" git_repo="$(skopeo inspect \ --retry-times 10 \ --format '{{ index .Labels "source-location" }}')" \ --no-tags - "docker://$(params.image)")" + "docker://$(params.IMAGE)")" echo -n "$git_repo" | tee "$(results.GIT_REPO.path)" From bd2072f8f904cdec7ea13a67dccff88e49dfc7e5 Mon Sep 17 00:00:00 2001 From: Tom Martensen Date: Fri, 13 Dec 2024 14:24:07 +0100 Subject: [PATCH 28/92] fix --- .tekton/wait-for-image-task.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.tekton/wait-for-image-task.yaml b/.tekton/wait-for-image-task.yaml index 6b68ebc159078..fe549899072bc 100644 --- a/.tekton/wait-for-image-task.yaml +++ b/.tekton/wait-for-image-task.yaml @@ -44,13 +44,13 @@ spec: git_ref="$(skopeo inspect \ --retry-times 10 \ --format '{{ index .Labels "vcs-ref" }}')" \ - --no-tags + --no-tags \ "docker://$(params.IMAGE)")" echo -n "$git_ref" | tee "$(results.GIT_REF.path)" git_repo="$(skopeo inspect \ --retry-times 10 \ --format '{{ index .Labels "source-location" }}')" \ - --no-tags + --no-tags \ "docker://$(params.IMAGE)")" echo -n "$git_repo" | tee "$(results.GIT_REPO.path)" From 27ac9ebf313cc0089361cd127b59d55beab2ef6a Mon Sep 17 00:00:00 2001 From: Tom Martensen Date: Fri, 13 Dec 2024 14:31:06 +0100 Subject: [PATCH 29/92] heh --- .tekton/wait-for-image-task.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.tekton/wait-for-image-task.yaml b/.tekton/wait-for-image-task.yaml index fe549899072bc..1585416a89e28 100644 --- a/.tekton/wait-for-image-task.yaml +++ b/.tekton/wait-for-image-task.yaml @@ -43,14 +43,14 @@ spec: git_ref="$(skopeo inspect \ --retry-times 10 \ - --format '{{ index .Labels "vcs-ref" }}')" \ + --format '{{ index .Labels "vcs-ref" }}' \ --no-tags \ "docker://$(params.IMAGE)")" echo -n "$git_ref" | tee "$(results.GIT_REF.path)" git_repo="$(skopeo inspect \ --retry-times 10 \ - --format '{{ index .Labels "source-location" }}')" \ + --format '{{ index .Labels "source-location" }}' \ --no-tags \ "docker://$(params.IMAGE)")" echo -n "$git_repo" | tee "$(results.GIT_REPO.path)" From df00660fff1abaa2b84c5006cbbd2bb919964803 Mon Sep 17 00:00:00 2001 From: Tom Martensen Date: Fri, 13 Dec 2024 14:44:03 +0100 Subject: [PATCH 30/92] debug --- .konflux/scripts/render_snapshot.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.konflux/scripts/render_snapshot.py b/.konflux/scripts/render_snapshot.py index 0cac8bb2b87ee..d67368fcd474e 100755 --- a/.konflux/scripts/render_snapshot.py +++ b/.konflux/scripts/render_snapshot.py @@ -6,10 +6,11 @@ def load_image_refs(): - return json.loads(os.getenv("IMAGE_REFS", '[{"component": "scanner", "ref": "", "revision": "", "repository": ""}]')) + return json.loads(os.getenv("IMAGE_REFS", '[]')) def process_component(component, name_suffix): + print(component) if name_suffix != "": name = f"{component["component"]}-{name_suffix}" else: From 794e3da73e0c57b4d20f1a17aaf1ea22bca53c5e Mon Sep 17 00:00:00 2001 From: Tom Martensen Date: Fri, 13 Dec 2024 14:58:14 +0100 Subject: [PATCH 31/92] ha --- .konflux/scripts/render_snapshot.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.konflux/scripts/render_snapshot.py b/.konflux/scripts/render_snapshot.py index d67368fcd474e..bb81f81ef737d 100755 --- a/.konflux/scripts/render_snapshot.py +++ b/.konflux/scripts/render_snapshot.py @@ -12,7 +12,7 @@ def load_image_refs(): def process_component(component, name_suffix): print(component) if name_suffix != "": - name = f"{component["component"]}-{name_suffix}" + name = f"{component['component']}-{name_suffix}" else: name = component["component"] return { From 83e44922f4fc3b021362dd8beeb3a60ab9392e3e Mon Sep 17 00:00:00 2001 From: Tom Martensen Date: Fri, 13 Dec 2024 16:15:51 +0100 Subject: [PATCH 32/92] full pipeline --- .konflux/scripts/render_snapshot.py | 1 - .tekton/operator-bundle-pipeline.yaml | 413 ++++++++++++++++++++++++-- 2 files changed, 391 insertions(+), 23 deletions(-) diff --git a/.konflux/scripts/render_snapshot.py b/.konflux/scripts/render_snapshot.py index bb81f81ef737d..aafb02f6e8862 100755 --- a/.konflux/scripts/render_snapshot.py +++ b/.konflux/scripts/render_snapshot.py @@ -10,7 +10,6 @@ def load_image_refs(): def process_component(component, name_suffix): - print(component) if name_suffix != "": name = f"{component['component']}-{name_suffix}" else: diff --git a/.tekton/operator-bundle-pipeline.yaml b/.tekton/operator-bundle-pipeline.yaml index c3ae6fac176e8..8c77f0c97eb6e 100644 --- a/.tekton/operator-bundle-pipeline.yaml +++ b/.tekton/operator-bundle-pipeline.yaml @@ -26,19 +26,19 @@ spec: value: task resolver: bundles - # - name: show-sbom - # params: - # - name: IMAGE_URL - # value: $(tasks.build-container.results.IMAGE_URL) - # taskRef: - # params: - # - name: name - # value: show-sbom - # - name: bundle - # value: quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1@sha256:945a7c9066d3e0a95d3fddb7e8a6992e4d632a2a75d8f3a9bd2ff2fef0ec9aa0 - # - name: kind - # value: task - # resolver: bundles + - name: show-sbom + params: + - name: IMAGE_URL + value: $(tasks.build-container.results.IMAGE_URL) + taskRef: + params: + - name: name + value: show-sbom + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1@sha256:945a7c9066d3e0a95d3fddb7e8a6992e4d632a2a75d8f3a9bd2ff2fef0ec9aa0 + - name: kind + value: task + resolver: bundles params: - description: Source Repository URL @@ -215,21 +215,21 @@ spec: default: "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8" results: - # - description: "" - # name: IMAGE_URL - # value: $(tasks.build-container.results.IMAGE_URL) - # - description: "" - # name: IMAGE_DIGEST - # value: $(tasks.build-container.results.IMAGE_DIGEST) + - description: "" + name: IMAGE_URL + value: $(tasks.build-container.results.IMAGE_URL) + - description: "" + name: IMAGE_DIGEST + value: $(tasks.build-container.results.IMAGE_DIGEST) - description: "" name: CHAINS-GIT_URL value: $(tasks.clone-repository.results.url) - description: "" name: CHAINS-GIT_COMMIT value: $(tasks.clone-repository.results.commit) - # - description: "" - # name: JAVA_COMMUNITY_DEPENDENCIES - # value: $(tasks.build-container.results.JAVA_COMMUNITY_DEPENDENCIES) + - description: "" + name: JAVA_COMMUNITY_DEPENDENCIES + value: $(tasks.build-container.results.JAVA_COMMUNITY_DEPENDENCIES) workspaces: - name: git-auth @@ -288,6 +288,17 @@ spec: - name: basic-auth workspace: git-auth + - name: determine-operator-image-tag + params: + - name: TAG_SUFFIX + value: $(params.output-tag-suffix) + - name: SOURCE_ARTIFACT + value: $(tasks.clone-repository.results.SOURCE_ARTIFACT) + - name: MAKEFILE_DIRECTORY + value: ./operator + taskRef: + name: determine-image-tag + - name: determine-main-image-tag params: - name: TAG_SUFFIX @@ -299,6 +310,47 @@ spec: taskRef: name: determine-image-tag + - name: prefetch-dependencies + params: + - name: input + value: $(params.prefetch-input) + - name: SOURCE_ARTIFACT + value: $(tasks.clone-repository.results.SOURCE_ARTIFACT) + - name: ociStorage + value: $(params.output-image-repo):konflux-$(params.revision).prefetch + - name: ociArtifactExpiresAfter + value: $(params.oci-artifact-expires-after) + taskRef: + params: + - name: name + value: prefetch-dependencies-oci-ta + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.1@sha256:b1ac9124ad909a8d7dbac01b1a02ef9a973d448d4c94efcf3d1b29e2a5c9e76f + - name: kind + value: task + resolver: bundles + workspaces: + - name: git-basic-auth + workspace: git-auth + + - name: wait-for-operator-image + params: + - name: IMAGE + value: "$(params.operator-image-build-repo):$(tasks.determine-operator-image-tag.results.IMAGE_TAG)" + taskRef: + name: wait-for-image + # This timeout must be the same as the pipeline timeout in `operator-build.yaml`. + timeout: 1h10m + + - name: wait-for-main-image + params: + - name: IMAGE + value: "$(params.main-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" + taskRef: + name: wait-for-image + # This timeout must be the same as the pipeline timeout in `main-build.yaml`. + timeout: 2h40m + - name: wait-for-scanner-image params: - name: IMAGE @@ -308,6 +360,305 @@ spec: # This timeout must be the same as the pipeline timeout in `scanner-retag.yaml` timeout: 40m + - name: wait-for-scanner-db-image + params: + - name: IMAGE + value: "$(params.scanner-db-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" + taskRef: + name: wait-for-image + # This timeout must be the same as the pipeline timeout in `scanner-db-retag.yaml` + timeout: 40m + + - name: wait-for-scanner-slim-image + params: + - name: IMAGE + value: "$(params.scanner-slim-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" + taskRef: + name: wait-for-image + # This timeout must be the same as the pipeline timeout in `scanner-slim-retag.yaml` + timeout: 40m + + - name: wait-for-scanner-db-slim-image + params: + - name: IMAGE + value: "$(params.scanner-db-slim-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" + taskRef: + name: wait-for-image + # This timeout must be the same as the pipeline timeout in `scanner-db-slim-retag.yaml` + timeout: 40m + + - name: wait-for-scanner-v4-image + params: + - name: IMAGE + value: "$(params.scanner-v4-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" + taskRef: + name: wait-for-image + # This timeout must be the same as the pipeline timeout in `scanner-v4-build.yaml`. + timeout: 1h10m + + - name: wait-for-scanner-v4-db-image + params: + - name: IMAGE + value: "$(params.scanner-v4-db-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" + taskRef: + name: wait-for-image + # This timeout must be the same as the pipeline timeout in `scanner-v4-db-build.yaml`. + timeout: 1h10m + + - name: wait-for-collector-slim-image + params: + - name: IMAGE + value: "$(params.collector-slim-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" + taskRef: + name: wait-for-image + # The timeout must be the same as the pipeline timeout in `collector-slim-retag.yaml` + timeout: 40m + + - name: wait-for-collector-full-image + params: + - name: IMAGE + value: "$(params.collector-full-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" + taskRef: + name: wait-for-image + # The timeout must be the same as the pipeline timeout in `collector-full-retag.yaml` + timeout: 40m + + - name: wait-for-roxctl-image + params: + - name: IMAGE + value: "$(params.roxctl-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" + taskRef: + name: wait-for-image + # This timeout must be the same as the pipeline timeout in `roxctl-build.yaml`. + timeout: 1h10m + + - name: wait-for-central-db-image + params: + - name: IMAGE + value: "$(params.central-db-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" + taskRef: + name: wait-for-image + # This timeout must be the same as the pipeline timeout in `central-db-build.yaml`. + timeout: 1h40m + + - name: build-container + params: + - name: IMAGE + # Note the operator bundle tag is prefixed with "v". + value: $(params.output-image-repo):v$(tasks.determine-operator-image-tag.results.IMAGE_TAG) + - name: DOCKERFILE + value: $(params.dockerfile) + - name: CONTEXT + value: $(params.path-context) + - name: HERMETIC + value: $(params.hermetic) + - name: PREFETCH_INPUT + value: $(params.prefetch-input) + - name: IMAGE_EXPIRES_AFTER + value: $(params.image-expires-after) + - name: COMMIT_SHA + value: $(tasks.clone-repository.results.commit) + - name: BUILD_ARGS + value: + - OPERATOR_IMAGE_TAG=$(tasks.determine-operator-image-tag.results.IMAGE_TAG) + - OPERATOR_IMAGE_REF=$(params.operator-image-catalog-repo)@$(tasks.wait-for-operator-image.results.IMAGE_DIGEST) + - RELATED_IMAGE_MAIN=$(params.main-image-catalog-repo)@$(tasks.wait-for-main-image.results.IMAGE_DIGEST) + - RELATED_IMAGE_SCANNER=$(params.scanner-image-catalog-repo)@$(tasks.wait-for-scanner-image.results.IMAGE_DIGEST) + - RELATED_IMAGE_SCANNER_DB=$(params.scanner-db-image-catalog-repo)@$(tasks.wait-for-scanner-db-image.results.IMAGE_DIGEST) + - RELATED_IMAGE_SCANNER_SLIM=$(params.scanner-slim-image-catalog-repo)@$(tasks.wait-for-scanner-slim-image.results.IMAGE_DIGEST) + - RELATED_IMAGE_SCANNER_DB_SLIM=$(params.scanner-db-slim-image-catalog-repo)@$(tasks.wait-for-scanner-db-slim-image.results.IMAGE_DIGEST) + - RELATED_IMAGE_SCANNER_V4=$(params.scanner-v4-image-catalog-repo)@$(tasks.wait-for-scanner-v4-image.results.IMAGE_DIGEST) + - RELATED_IMAGE_SCANNER_V4_DB=$(params.scanner-v4-db-image-catalog-repo)@$(tasks.wait-for-scanner-v4-db-image.results.IMAGE_DIGEST) + - RELATED_IMAGE_COLLECTOR_SLIM=$(params.collector-slim-image-catalog-repo)@$(tasks.wait-for-collector-slim-image.results.IMAGE_DIGEST) + - RELATED_IMAGE_COLLECTOR_FULL=$(params.collector-full-image-catalog-repo)@$(tasks.wait-for-collector-full-image.results.IMAGE_DIGEST) + - RELATED_IMAGE_ROXCTL=$(params.roxctl-image-catalog-repo)@$(tasks.wait-for-roxctl-image.results.IMAGE_DIGEST) + - RELATED_IMAGE_CENTRAL_DB=$(params.central-db-image-catalog-repo)@$(tasks.wait-for-central-db-image.results.IMAGE_DIGEST) + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + - name: CACHI2_ARTIFACT + value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) + taskRef: + params: + - name: name + value: buildah-oci-ta + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-buildah-oci-ta:0.2@sha256:ea5f13f235f98e9f0da599439f0b62b729901a5b6ad8d673daf3821f3f9cb66f + - name: kind + value: task + resolver: bundles + when: + - input: $(tasks.init.results.build) + operator: in + values: [ "true" ] + + - name: apply-tags + params: + - name: IMAGE + value: $(tasks.build-container.results.IMAGE_URL) + - name: ADDITIONAL_TAGS + value: + - konflux-$(params.revision) + taskRef: + params: + - name: name + value: apply-tags + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.1@sha256:87fd7fc0e937aad1a8db9b6e377d7e444f53394dafde512d68adbea6966a4702 + - name: kind + value: task + resolver: bundles + + - name: build-source-image + params: + - name: BINARY_IMAGE + value: $(tasks.build-container.results.IMAGE_URL) + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + - name: CACHI2_ARTIFACT + value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) + taskRef: + params: + - name: name + value: source-build-oci-ta + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.1@sha256:bd786bc1d33391bb169f98a1070d1a39e410b835f05fd0db0263754c65bd9bea + - name: kind + value: task + resolver: bundles + when: + - input: $(tasks.init.results.build) + operator: in + values: [ "true" ] + - input: $(params.build-source-image) + operator: in + values: [ "true" ] + + - name: deprecated-base-image-check + params: + - name: IMAGE_URL + value: $(tasks.build-container.results.IMAGE_URL) + - name: IMAGE_DIGEST + value: $(tasks.build-container.results.IMAGE_DIGEST) + taskRef: + params: + - name: name + value: deprecated-image-check + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.4@sha256:5a1a165fa02270f0a947d8a2131ee9d8be0b8e9d34123828c2bef589e504ee84 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: [ "false" ] + + - name: clair-scan + params: + - name: image-digest + value: $(tasks.build-container.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-container.results.IMAGE_URL) + taskRef: + params: + - name: name + value: clair-scan + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.2@sha256:0a5421111e7092740398691d5bd7c125cc0896f29531d19414bb5724ae41692a + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: [ "false" ] + + - name: sast-snyk-check + params: + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + - name: CACHI2_ARTIFACT + value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) + - name: image-digest + value: $(tasks.build-container.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-container.results.IMAGE_URL) + taskRef: + params: + - name: name + value: sast-snyk-check-oci-ta + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.3@sha256:65a213322ea7c64159e37071d369d74b6378b23403150e29537865cada90f022 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: [ "false" ] + + - name: clamav-scan + params: + - name: image-digest + value: $(tasks.build-container.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-container.results.IMAGE_URL) + taskRef: + params: + - name: name + value: clamav-scan + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.1@sha256:b4f450f1447b166da671f1d5819ab5a1485083e5c27ab91f7d8b7a2ff994c8c2 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: [ "false" ] + + - name: rpms-signature-scan + params: + - name: image-digest + value: $(tasks.build-container.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-container.results.IMAGE_URL) + taskRef: + params: + - name: name + value: rpms-signature-scan + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:28aaf87d61078a0aeeeabcae455eda7d05c4f9b81d8995bdcf3dde95c1a7a77b + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: ["false"] + + - name: push-dockerfile + params: + - name: IMAGE + value: $(tasks.build-container.results.IMAGE_URL) + - name: IMAGE_DIGEST + value: $(tasks.build-container.results.IMAGE_DIGEST) + - name: DOCKERFILE + value: $(params.dockerfile) + - name: CONTEXT + value: $(params.path-context) + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + taskRef: + params: + - name: name + value: push-dockerfile-oci-ta + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.1@sha256:80d48a1b9d2707490309941ec9f79338533938f959ca9a207b481b0e8a5e7a93 + - name: kind + value: task + resolver: bundles + - name: create-acs-style-snapshot params: - name: SOURCE_ARTIFACT @@ -320,6 +671,24 @@ spec: "ref": "$(params.scanner-image-build-repo)@$(tasks.wait-for-scanner-image.results.IMAGE_DIGEST)", "repository": "$(tasks.wait-for-scanner-image.results.GIT_REPO)", "revision": "$(tasks.wait-for-scanner-image.results.GIT_REF)" + }, + { + "component": "collector", + "ref": "$(params.collector-image-build-repo)@$(tasks.wait-for-collector-image.results.IMAGE_DIGEST)", + "repository": "$(tasks.wait-for-collector-image.results.GIT_REPO)", + "revision": "$(tasks.wait-for-collector-image.results.GIT_REF)" + }, + { + "component": "central-db", + "ref": "$(params.central-db-image-build-repo)@$(tasks.wait-for-central-db-image.results.IMAGE_DIGEST)", + "repository": "$(tasks.wait-for-central-db-image.results.GIT_REPO)", + "revision": "$(tasks.wait-for-central-db-image.results.GIT_REF)" + }, + { + "component": "operator-bundle", + "ref": "$(tasks.build-container.results.IMAGE_URL)@$(tasks.build-container.results.IMAGE_DIGEST)", + "repository": "$(params.git-url)", + "revision": "$(tasks.revision)" } ] taskRef: From e2317a87b45dc45824ea1f0b817f3618d8c733b3 Mon Sep 17 00:00:00 2001 From: Tom Martensen Date: Mon, 16 Dec 2024 12:46:42 +0100 Subject: [PATCH 33/92] fix wrong parameter --- .tekton/operator-bundle-pipeline.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.tekton/operator-bundle-pipeline.yaml b/.tekton/operator-bundle-pipeline.yaml index 8c77f0c97eb6e..1fd1d648e4bd3 100644 --- a/.tekton/operator-bundle-pipeline.yaml +++ b/.tekton/operator-bundle-pipeline.yaml @@ -674,7 +674,7 @@ spec: }, { "component": "collector", - "ref": "$(params.collector-image-build-repo)@$(tasks.wait-for-collector-image.results.IMAGE_DIGEST)", + "ref": "$(params.collector-full-image-build-repo)@$(tasks.wait-for-collector-image.results.IMAGE_DIGEST)", "repository": "$(tasks.wait-for-collector-image.results.GIT_REPO)", "revision": "$(tasks.wait-for-collector-image.results.GIT_REF)" }, From ffce1f9fae0ef2a74a90751df29ba021a2d6c865 Mon Sep 17 00:00:00 2001 From: Tom Martensen Date: Mon, 16 Dec 2024 13:08:47 +0100 Subject: [PATCH 34/92] fix --- .tekton/operator-bundle-pipeline.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.tekton/operator-bundle-pipeline.yaml b/.tekton/operator-bundle-pipeline.yaml index 1fd1d648e4bd3..6dc381d2eccec 100644 --- a/.tekton/operator-bundle-pipeline.yaml +++ b/.tekton/operator-bundle-pipeline.yaml @@ -688,7 +688,7 @@ spec: "component": "operator-bundle", "ref": "$(tasks.build-container.results.IMAGE_URL)@$(tasks.build-container.results.IMAGE_DIGEST)", "repository": "$(params.git-url)", - "revision": "$(tasks.revision)" + "revision": "$(params.revision)" } ] taskRef: From 876fcc397f9f47006d522f236cd9e277d9fc3db0 Mon Sep 17 00:00:00 2001 From: Tom Martensen Date: Mon, 16 Dec 2024 13:12:14 +0100 Subject: [PATCH 35/92] fix --- .tekton/operator-bundle-pipeline.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.tekton/operator-bundle-pipeline.yaml b/.tekton/operator-bundle-pipeline.yaml index 6dc381d2eccec..e16468c233f07 100644 --- a/.tekton/operator-bundle-pipeline.yaml +++ b/.tekton/operator-bundle-pipeline.yaml @@ -674,9 +674,9 @@ spec: }, { "component": "collector", - "ref": "$(params.collector-full-image-build-repo)@$(tasks.wait-for-collector-image.results.IMAGE_DIGEST)", - "repository": "$(tasks.wait-for-collector-image.results.GIT_REPO)", - "revision": "$(tasks.wait-for-collector-image.results.GIT_REF)" + "ref": "$(params.collector-full-image-build-repo)@$(tasks.wait-for-collector-full-image.results.IMAGE_DIGEST)", + "repository": "$(tasks.wait-for-collector-full-image.results.GIT_REPO)", + "revision": "$(tasks.wait-for-collector-full-image.results.GIT_REF)" }, { "component": "central-db", From e08a4636e46a02ada294d97c7d2f12740d3cddc7 Mon Sep 17 00:00:00 2001 From: Tom Martensen Date: Mon, 16 Dec 2024 15:56:47 +0100 Subject: [PATCH 36/92] expose SNAPSHOT_NAME, run after all other tasks --- .konflux/scripts/render_snapshot.py | 4 +- .tekton/create-snapshot-task.yaml | 7 +- .tekton/operator-bundle-pipeline.yaml | 15 ++ file.txt | 1 + logs.txt | 233 ++++++++++++++++++++++++++ sample-snapshot-minimal.yml | 14 ++ sample-snapshot.yaml | 149 ++++++++++++++++ snapshot.json | 1 + 8 files changed, 420 insertions(+), 4 deletions(-) create mode 100644 file.txt create mode 100644 logs.txt create mode 100644 sample-snapshot-minimal.yml create mode 100644 sample-snapshot.yaml create mode 100644 snapshot.json diff --git a/.konflux/scripts/render_snapshot.py b/.konflux/scripts/render_snapshot.py index aafb02f6e8862..27283c444b46f 100755 --- a/.konflux/scripts/render_snapshot.py +++ b/.konflux/scripts/render_snapshot.py @@ -56,7 +56,7 @@ def determine_component_name_suffix(application): components ) - print("Snapshot:", snapshot) - with open("snapshot.json", "w") as f: json.dump(snapshot, f) + + print(snapshot["metadata"]["name"], end="") diff --git a/.tekton/create-snapshot-task.yaml b/.tekton/create-snapshot-task.yaml index 6453d5f916b38..6b54cccf2475a 100644 --- a/.tekton/create-snapshot-task.yaml +++ b/.tekton/create-snapshot-task.yaml @@ -4,7 +4,7 @@ metadata: name: create-snapshot namespace: rh-acs-tenant spec: - description: Creates snapshot + description: Creates a snapshot based on the components, image refs and Git information passed to the task. params: - name: SOURCE_ARTIFACT description: The Trusted Artifact URI pointing to the application source code. @@ -12,6 +12,9 @@ spec: - name: IMAGE_REFS description: Image references. type: string + results: + - name: SNAPSHOT_NAME + description: Name of the snapshot created by this task. volumes: - name: workdir emptyDir: { } @@ -38,5 +41,5 @@ spec: script: | #!/usr/bin/env bash - .konflux/scripts/render_snapshot.py + .konflux/scripts/render_snapshot.py | tee "$(results.SNAPSHOT_NAME.path)" oc create -f snapshot.json diff --git a/.tekton/operator-bundle-pipeline.yaml b/.tekton/operator-bundle-pipeline.yaml index e16468c233f07..8d9798ad5fc08 100644 --- a/.tekton/operator-bundle-pipeline.yaml +++ b/.tekton/operator-bundle-pipeline.yaml @@ -230,6 +230,9 @@ spec: - description: "" name: JAVA_COMMUNITY_DEPENDENCIES value: $(tasks.build-container.results.JAVA_COMMUNITY_DEPENDENCIES) + - description: "" + name: SNAPSHOT_NAME + value: $(tasks.create-acs-style-snapshot.results.SNAPSHOT_NAME) workspaces: - name: git-auth @@ -660,6 +663,18 @@ spec: resolver: bundles - name: create-acs-style-snapshot + # Explicitly running after all other tasks to ensure that + # - there are no failures that should prevent a release of the operator-bundle image (missing RPMs signatures, deprecated base images, ...) + # - the source image is present as it is required by EC + runAfter: + - apply-tags + - build-source-image + - clair-scan + - clamav-scan + - deprecated-base-image-check + - rpms-signature-scan + - sast-snyk-check + - push-dockerfile params: - name: SOURCE_ARTIFACT value: $(tasks.clone-repository.results.SOURCE_ARTIFACT) diff --git a/file.txt b/file.txt new file mode 100644 index 0000000000000..deba01fc8d982 --- /dev/null +++ b/file.txt @@ -0,0 +1 @@ +something diff --git a/logs.txt b/logs.txt new file mode 100644 index 0000000000000..164a9955542f4 --- /dev/null +++ b/logs.txt @@ -0,0 +1,233 @@ +{"level":"info","ts":1734167930.11061,"caller":"logging/logger.go:88","msg":"starting infra server","version":"0.10.44"} +{"level":"info","ts":1734167930.1361732,"caller":"logging/logger.go:88","msg":"registered flavor","flavor-id":"demo","flavor-name":"StackRox Demo"} +{"level":"info","ts":1734167930.1362557,"caller":"logging/logger.go:88","msg":"registered default flavor","flavor-id":"demo","flavor-name":"StackRox Demo"} +{"level":"info","ts":1734167930.139517,"caller":"logging/logger.go:88","msg":"registered flavor","flavor-id":"qa-demo","flavor-name":"StackRox Demo for QA testing"} +{"level":"info","ts":1734167930.1413038,"caller":"logging/logger.go:88","msg":"registered flavor","flavor-id":"gke-default","flavor-name":"GKE Default"} +{"level":"info","ts":1734167930.1434097,"caller":"logging/logger.go:88","msg":"registered flavor","flavor-id":"openshift-4","flavor-name":"OpenShift 4.x"} +{"level":"info","ts":1734167930.1472514,"caller":"logging/logger.go:88","msg":"registered flavor","flavor-id":"openshift-4-demo","flavor-name":"OpenShift 4.x Demo"} +{"level":"info","ts":1734167930.1496708,"caller":"logging/logger.go:88","msg":"registered flavor","flavor-id":"openshift-4-perf-scale","flavor-name":"OpenShift 4.x Perf&Scale"} +{"level":"info","ts":1734167930.1521616,"caller":"logging/logger.go:88","msg":"registered flavor","flavor-id":"eks","flavor-name":"EKS"} +{"level":"info","ts":1734167930.153991,"caller":"logging/logger.go:88","msg":"registered flavor","flavor-id":"aks","flavor-name":"AKS"} +{"level":"info","ts":1734167930.1558964,"caller":"logging/logger.go:88","msg":"registered flavor","flavor-id":"aro","flavor-name":"ARO"} +{"level":"info","ts":1734167930.1578908,"caller":"logging/logger.go:88","msg":"registered flavor","flavor-id":"rosa","flavor-name":"ROSA"} +{"level":"info","ts":1734167930.1598818,"caller":"logging/logger.go:88","msg":"registered flavor","flavor-id":"rosahcp","flavor-name":"Hypershift on ROSA (HCP)"} +{"level":"info","ts":1734167930.1622593,"caller":"logging/logger.go:88","msg":"registered flavor","flavor-id":"osd-on-aws","flavor-name":"OSD on AWS"} +{"level":"info","ts":1734167930.1641128,"caller":"logging/logger.go:88","msg":"registered flavor","flavor-id":"osd-on-gcp","flavor-name":"OSD on GCP"} +{"level":"info","ts":1734167930.1660697,"caller":"logging/logger.go:88","msg":"registered flavor","flavor-id":"ibmroks","flavor-name":"IBM ROKS"} +{"level":"info","ts":1734167930.8129487,"caller":"logging/logger.go:88","msg":"enabled Slack integration"} +{"level":"info","ts":1734167930.8132737,"caller":"logging/logger.go:88","msg":"enabled BigQuery integration"} +{"level":"info","ts":1734167930.8162975,"caller":"logging/logger.go:88","msg":"starting gRPC server","listen-address":"0.0.0.0:8443"} +{"level":"info","ts":1734167930.8166072,"caller":"logging/logger.go:88","msg":"starting gRPC-Gateway client","connect-address":"localhost:8443"} +{"level":"info","ts":1734167930.8198426,"caller":"server/server.go:89","msg":"starting metrics server","listenAddress":"0.0.0.0:9101"} +{"level":"warn","ts":1734167937.8321078,"caller":"logging/logger.go:88","msg":"slack loop took 7.013176047s"} +{"level":"warn","ts":1734171794.021888,"caller":"logging/logger.go:88","msg":"slack loop took 5.086581529s"} +{"level":"warn","ts":1734174044.247585,"caller":"logging/logger.go:88","msg":"slack loop took 5.191157657s"} +{"level":"warn","ts":1734176813.0653925,"caller":"logging/logger.go:88","msg":"slack loop took 5.090979639s"} +{"level":"warn","ts":1734184805.9805698,"caller":"logging/logger.go:88","msg":"slack loop took 7.186899299s"} +{"level":"warn","ts":1734185451.4227679,"caller":"logging/logger.go:88","msg":"slack loop took 5.491284842s"} +{"level":"info","ts":1734185683.2187712,"caller":"logging/logger.go:88","msg":"resuming an argo workflow that has expired","workflow-name":"gdth-12-10-profuse-replaceme-fbkhp"} +time="2024-12-14T14:14:43Z" level=info msg="Workflow to be dehydrated" Workflow Size=8881 +{"level":"warn","ts":1734186033.1086137,"caller":"logging/logger.go:88","msg":"slack loop took 5.212026812s"} +{"level":"warn","ts":1734188413.9714744,"caller":"logging/logger.go:88","msg":"slack loop took 5.593209588s"} +{"level":"warn","ts":1734192013.559057,"caller":"logging/logger.go:88","msg":"slack loop took 5.541082784s"} +{"level":"warn","ts":1734195615.546251,"caller":"logging/logger.go:88","msg":"slack loop took 5.944798931s"} +{"level":"warn","ts":1734195873.517076,"caller":"logging/logger.go:88","msg":"slack loop took 5.102843278s"} +{"level":"warn","ts":1734199212.9040923,"caller":"logging/logger.go:88","msg":"slack loop took 5.624560477s"} +{"level":"warn","ts":1734200433.7573,"caller":"logging/logger.go:88","msg":"slack loop took 5.058267654s"} +{"level":"warn","ts":1734201078.048799,"caller":"logging/logger.go:88","msg":"slack loop took 5.012268769s"} +{"level":"warn","ts":1734202813.6826007,"caller":"logging/logger.go:88","msg":"slack loop took 5.776847418s"} +{"level":"info","ts":1734206231.4521222,"caller":"logging/logger.go:88","msg":"resuming an argo workflow that has expired","workflow-name":"rt-12-09-tacit-beam-long-jv2c9"} +time="2024-12-14T19:57:11Z" level=info msg="Workflow to be dehydrated" Workflow Size=8609 +{"level":"warn","ts":1734206409.6140459,"caller":"logging/logger.go:88","msg":"slack loop took 5.000561787s"} +{"level":"warn","ts":1734206609.6953154,"caller":"logging/logger.go:88","msg":"slack generic get user by email error","email":"rhacs-bot+infra@redhat.com","error":"slack server error: 500 Internal Server Error"} +{"level":"warn","ts":1734206611.715718,"caller":"logging/logger.go:88","msg":"slack loop took 14.143898647s"} +{"level":"info","ts":1734207638.308978,"caller":"logging/logger.go:88","msg":"resuming an argo workflow that has expired","workflow-name":"jv-12-09-ocp-xl4cd"} +time="2024-12-14T20:20:38Z" level=info msg="Workflow to be dehydrated" Workflow Size=7796 +{"level":"info","ts":1734210634.1133995,"caller":"logging/logger.go:88","msg":"resuming an argo workflow that has expired","workflow-name":"ds-12-09-woebegone-sort-box-dfhzj"} +time="2024-12-14T21:10:34Z" level=info msg="Workflow to be dehydrated" Workflow Size=5542 +{"level":"warn","ts":1734211345.8183193,"caller":"logging/logger.go:88","msg":"slack loop took 5.240203755s"} +{"level":"info","ts":1734215099.9679441,"caller":"logging/logger.go:88","msg":"received a lifespan update request for infra cluster","actor":"shesselm@redhat.com","cluster-id":"sh-12-09-1","lifespan-update-method":"ADD","lifespan":"seconds:172800","log-type":"audit","phase":"cluster-lifespan"} +{"level":"info","ts":1734215100.486906,"caller":"logging/logger.go:88","msg":"will apply a lifespan update to argo workflow","workflow-name":"sh-12-09-1-29868","lifespan-update-method":"ADD","lifespan":"seconds:172800"} +{"level":"warn","ts":1734228014.5121148,"caller":"logging/logger.go:88","msg":"slack loop took 5.482216891s"} +{"level":"warn","ts":1734230123.203568,"caller":"logging/logger.go:88","msg":"slack loop took 5.053067776s"} +{"level":"info","ts":1734238972.5657942,"caller":"logging/logger.go:88","msg":"could not find an argo workflow to match infra cluster by label","cluster-id":"central-login-12336008334"} +time="2024-12-15T05:02:52Z" level=error msg="failed to get live workflow: workflows.argoproj.io \"central-login-12336008334\" not found; failed to get archived workflow: rpc error: code = Internal desc = getting archived workflows not supported" +{"level":"info","ts":1734238972.8001893,"caller":"logging/logger.go:88","msg":"received a create request for flavor","actor":"rhacs-bot+infra@redhat.com","flavor-id":"qa-demo","log-type":"audit","phase":"cluster-create"} +{"level":"info","ts":1734238973.2089128,"caller":"logging/logger.go:88","msg":"could not find an argo workflow to match infra cluster by label","cluster-id":"central-login-12336008334"} +time="2024-12-15T05:02:53Z" level=error msg="failed to get live workflow: workflows.argoproj.io \"central-login-12336008334\" not found; failed to get archived workflow: rpc error: code = Internal desc = getting archived workflows not supported" +{"level":"info","ts":1734238973.215124,"caller":"logging/logger.go:88","msg":"will create an infra cluster","flavor-id":"qa-demo","cluster-id":"central-login-12336008334","cluster-owner":"rhacs-bot+infra@redhat.com"} +{"level":"info","ts":1734238973.2504823,"caller":"logging/logger.go:88","msg":"created an argo workflow for a new infra cluster","workflow-name":"central-login-12336008334-wwt2d","cluster-id":"central-login-12336008334"} +{"level":"info","ts":1734239082.4723105,"caller":"logging/logger.go:88","msg":"could not find an argo workflow to match infra cluster by label","cluster-id":"jenkins-plugin-12336003189"} +time="2024-12-15T05:04:42Z" level=error msg="failed to get live workflow: workflows.argoproj.io \"jenkins-plugin-12336003189\" not found; failed to get archived workflow: rpc error: code = Internal desc = getting archived workflows not supported" +{"level":"info","ts":1734239082.8671625,"caller":"logging/logger.go:88","msg":"received a create request for flavor","actor":"rhacs-bot+infra@redhat.com","flavor-id":"qa-demo","log-type":"audit","phase":"cluster-create"} +{"level":"info","ts":1734239083.280192,"caller":"logging/logger.go:88","msg":"could not find an argo workflow to match infra cluster by label","cluster-id":"jenkins-plugin-12336003189"} +time="2024-12-15T05:04:43Z" level=error msg="failed to get live workflow: workflows.argoproj.io \"jenkins-plugin-12336003189\" not found; failed to get archived workflow: rpc error: code = Internal desc = getting archived workflows not supported" +{"level":"info","ts":1734239083.2855456,"caller":"logging/logger.go:88","msg":"will create an infra cluster","flavor-id":"qa-demo","cluster-id":"jenkins-plugin-12336003189","cluster-owner":"rhacs-bot+infra@redhat.com"} +{"level":"info","ts":1734239083.3061798,"caller":"logging/logger.go:88","msg":"created an argo workflow for a new infra cluster","workflow-name":"jenkins-plugin-12336003189-54z67","cluster-id":"jenkins-plugin-12336003189"} +{"level":"warn","ts":1734240029.2872643,"caller":"logging/logger.go:88","msg":"slack loop took 8.526151722s"} +{"level":"warn","ts":1734240350.2812488,"caller":"logging/logger.go:88","msg":"slack loop took 5.117674117s"} +{"level":"info","ts":1734240469.4299254,"caller":"logging/logger.go:88","msg":"received a delete request for infra cluster","actor":"rhacs-bot+infra@redhat.com","cluster-id":"jenkins-plugin-12336003189","log-type":"audit","phase":"cluster-delete"} +{"level":"info","ts":1734240469.8591003,"caller":"logging/logger.go:88","msg":"will apply a lifespan update to argo workflow","workflow-name":"jenkins-plugin-12336003189-54z67","lifespan-update-method":"REPLACE","lifespan":""} +{"level":"info","ts":1734240469.8762,"caller":"logging/logger.go:88","msg":"resuming argo workflow","workflow-name":"jenkins-plugin-12336003189-54z67"} +time="2024-12-15T05:27:49Z" level=info msg="Workflow to be dehydrated" Workflow Size=9085 +{"level":"info","ts":1734242608.2424219,"caller":"logging/logger.go:88","msg":"resuming an argo workflow that has expired","workflow-name":"central-login-12336008334-wwt2d"} +time="2024-12-15T06:03:28Z" level=info msg="Workflow to be dehydrated" Workflow Size=9019 +{"level":"warn","ts":1734249183.170314,"caller":"logging/logger.go:88","msg":"slack loop took 7.212962848s"} +{"level":"info","ts":1734270245.6150892,"caller":"logging/logger.go:88","msg":"resuming an argo workflow that has expired","workflow-name":"qa-k8s-4-6-1-rc-3-2r4d9"} +time="2024-12-15T13:44:05Z" level=info msg="Workflow to be dehydrated" Workflow Size=8491 +{"level":"info","ts":1734270246.0988765,"caller":"logging/logger.go:88","msg":"resuming an argo workflow that has expired","workflow-name":"openshift-4-demo-4-6-1-rc-3-qqql6"} +time="2024-12-15T13:44:06Z" level=info msg="Workflow to be dehydrated" Workflow Size=49495 +{"level":"warn","ts":1734270277.7807527,"caller":"logging/logger.go:88","msg":"slack loop took 5.32820576s"} +{"level":"warn","ts":1734272441.4188654,"caller":"logging/logger.go:88","msg":"slack generic get user by email error","email":"rhacs-bot+infra@redhat.com","error":"slack server error: 500 Internal Server Error"} +{"level":"warn","ts":1734272443.2589371,"caller":"logging/logger.go:88","msg":"slack loop took 13.189567206s"} +{"level":"info","ts":1734302314.990824,"caller":"logging/logger.go:88","msg":"received a create request for flavor","actor":"dcaravel@redhat.com","flavor-id":"openshift-4","log-type":"audit","phase":"cluster-create"} +{"level":"info","ts":1734302315.391594,"caller":"logging/logger.go:88","msg":"could not find an argo workflow to match infra cluster by label","cluster-id":"dc-12-15-1"} +time="2024-12-15T22:38:35Z" level=error msg="failed to get live workflow: workflows.argoproj.io \"dc-12-15-1\" not found; failed to get archived workflow: rpc error: code = Internal desc = getting archived workflows not supported" +{"level":"info","ts":1734302315.3971422,"caller":"logging/logger.go:88","msg":"will create an infra cluster","flavor-id":"openshift-4","cluster-id":"dc-12-15-1","cluster-owner":"dcaravel@redhat.com"} +{"level":"info","ts":1734302315.420301,"caller":"logging/logger.go:88","msg":"created an argo workflow for a new infra cluster","workflow-name":"dc-12-15-1-6btpj","cluster-id":"dc-12-15-1"} +{"level":"info","ts":1734302339.0222907,"caller":"logging/logger.go:88","msg":"resuming an argo workflow that has expired","workflow-name":"jvdm-chum-v6wgg"} +time="2024-12-15T22:38:59Z" level=info msg="Workflow to be dehydrated" Workflow Size=7583 +{"level":"info","ts":1734305168.9422233,"caller":"logging/logger.go:88","msg":"received a lifespan update request for infra cluster","actor":"dcaravel@redhat.com","cluster-id":"dc-12-15-1","lifespan-update-method":"REPLACE","lifespan":"seconds:43200","log-type":"audit","phase":"cluster-lifespan"} +{"level":"info","ts":1734305169.489347,"caller":"logging/logger.go:88","msg":"will apply a lifespan update to argo workflow","workflow-name":"dc-12-15-1-6btpj","lifespan-update-method":"REPLACE","lifespan":"seconds:43200"} +{"level":"info","ts":1734305205.869775,"caller":"logging/logger.go:88","msg":"received a lifespan update request for infra cluster","actor":"dcaravel@redhat.com","cluster-id":"dc-12-15-1","lifespan-update-method":"ADD","lifespan":"seconds:172800","log-type":"audit","phase":"cluster-lifespan"} +{"level":"info","ts":1734305206.2636771,"caller":"logging/logger.go:88","msg":"will apply a lifespan update to argo workflow","workflow-name":"dc-12-15-1-6btpj","lifespan-update-method":"ADD","lifespan":"seconds:172800"} +{"level":"info","ts":1734325513.3546999,"caller":"logging/logger.go:88","msg":"could not find an argo workflow to match infra cluster by label","cluster-id":"jenkins-plugin-12346245659"} +time="2024-12-16T05:05:13Z" level=error msg="failed to get live workflow: workflows.argoproj.io \"jenkins-plugin-12346245659\" not found; failed to get archived workflow: rpc error: code = Internal desc = getting archived workflows not supported" +{"level":"info","ts":1734325513.6787367,"caller":"logging/logger.go:88","msg":"received a create request for flavor","actor":"rhacs-bot+infra@redhat.com","flavor-id":"qa-demo","log-type":"audit","phase":"cluster-create"} +{"level":"info","ts":1734325514.1492295,"caller":"logging/logger.go:88","msg":"could not find an argo workflow to match infra cluster by label","cluster-id":"jenkins-plugin-12346245659"} +time="2024-12-16T05:05:14Z" level=error msg="failed to get live workflow: workflows.argoproj.io \"jenkins-plugin-12346245659\" not found; failed to get archived workflow: rpc error: code = Internal desc = getting archived workflows not supported" +{"level":"info","ts":1734325514.161289,"caller":"logging/logger.go:88","msg":"will create an infra cluster","flavor-id":"qa-demo","cluster-id":"jenkins-plugin-12346245659","cluster-owner":"rhacs-bot+infra@redhat.com"} +{"level":"info","ts":1734325514.1972096,"caller":"logging/logger.go:88","msg":"created an argo workflow for a new infra cluster","workflow-name":"jenkins-plugin-12346245659-ph9sj","cluster-id":"jenkins-plugin-12346245659"} +{"level":"info","ts":1734326930.0038364,"caller":"logging/logger.go:88","msg":"received a delete request for infra cluster","actor":"rhacs-bot+infra@redhat.com","cluster-id":"jenkins-plugin-12346245659","log-type":"audit","phase":"cluster-delete"} +{"level":"info","ts":1734326930.40942,"caller":"logging/logger.go:88","msg":"will apply a lifespan update to argo workflow","workflow-name":"jenkins-plugin-12346245659-ph9sj","lifespan-update-method":"REPLACE","lifespan":""} +{"level":"info","ts":1734326930.42742,"caller":"logging/logger.go:88","msg":"resuming argo workflow","workflow-name":"jenkins-plugin-12346245659-ph9sj"} +time="2024-12-16T05:28:50Z" level=info msg="Workflow to be dehydrated" Workflow Size=9091 +{"level":"info","ts":1734333081.50989,"caller":"logging/logger.go:88","msg":"received a create request for flavor","actor":"jvirtane@redhat.com","flavor-id":"openshift-4","log-type":"audit","phase":"cluster-create"} +{"level":"info","ts":1734333081.912259,"caller":"logging/logger.go:88","msg":"could not find an argo workflow to match infra cluster by label","cluster-id":"jv-12-15-ocp"} +time="2024-12-16T07:11:21Z" level=error msg="failed to get live workflow: workflows.argoproj.io \"jv-12-15-ocp\" not found; failed to get archived workflow: rpc error: code = Internal desc = getting archived workflows not supported" +{"level":"info","ts":1734333081.9169064,"caller":"logging/logger.go:88","msg":"will create an infra cluster","flavor-id":"openshift-4","cluster-id":"jv-12-15-ocp","cluster-owner":"jvirtane@redhat.com"} +{"level":"info","ts":1734333081.9358597,"caller":"logging/logger.go:88","msg":"created an argo workflow for a new infra cluster","workflow-name":"jv-12-15-ocp-d6jst","cluster-id":"jv-12-15-ocp"} +{"level":"info","ts":1734337701.9519358,"caller":"logging/logger.go:88","msg":"received a lifespan update request for infra cluster","actor":"jvirtane@redhat.com","cluster-id":"jv-12-15-ocp","lifespan-update-method":"ADD","lifespan":"seconds:172800","log-type":"audit","phase":"cluster-lifespan"} +{"level":"info","ts":1734337702.4857795,"caller":"logging/logger.go:88","msg":"will apply a lifespan update to argo workflow","workflow-name":"jv-12-15-ocp-d6jst","lifespan-update-method":"ADD","lifespan":"seconds:172800"} +{"level":"info","ts":1734337725.113304,"caller":"logging/logger.go:88","msg":"received a create request for flavor","actor":"prygiels@redhat.com","flavor-id":"openshift-4","log-type":"audit","phase":"cluster-create"} +{"level":"info","ts":1734337725.6288273,"caller":"logging/logger.go:88","msg":"could not find an argo workflow to match infra cluster by label","cluster-id":"piotr-12-16-work"} +time="2024-12-16T08:28:45Z" level=error msg="failed to get live workflow: workflows.argoproj.io \"piotr-12-16-work\" not found; failed to get archived workflow: rpc error: code = Internal desc = getting archived workflows not supported" +{"level":"info","ts":1734337725.6357338,"caller":"logging/logger.go:88","msg":"will create an infra cluster","flavor-id":"openshift-4","cluster-id":"piotr-12-16-work","cluster-owner":"prygiels@redhat.com"} +{"level":"info","ts":1734337725.6557422,"caller":"logging/logger.go:88","msg":"created an argo workflow for a new infra cluster","workflow-name":"piotr-12-16-work-gc5gw","cluster-id":"piotr-12-16-work"} +{"level":"info","ts":1734337729.2900555,"caller":"logging/logger.go:88","msg":"received a lifespan update request for infra cluster","actor":"prygiels@redhat.com","cluster-id":"piotr-12-16-work","lifespan-update-method":"REPLACE","lifespan":"seconds:14400","log-type":"audit","phase":"cluster-lifespan"} +{"level":"info","ts":1734337729.6726356,"caller":"logging/logger.go:88","msg":"received a lifespan update request for infra cluster","actor":"prygiels@redhat.com","cluster-id":"piotr-12-16-work","lifespan-update-method":"REPLACE","lifespan":"seconds:18000","log-type":"audit","phase":"cluster-lifespan"} +{"level":"info","ts":1734337729.7261958,"caller":"logging/logger.go:88","msg":"will apply a lifespan update to argo workflow","workflow-name":"piotr-12-16-work-gc5gw","lifespan-update-method":"REPLACE","lifespan":"seconds:14400"} +{"level":"info","ts":1734337730.032325,"caller":"logging/logger.go:88","msg":"received a lifespan update request for infra cluster","actor":"prygiels@redhat.com","cluster-id":"piotr-12-16-work","lifespan-update-method":"REPLACE","lifespan":"seconds:21600","log-type":"audit","phase":"cluster-lifespan"} +{"level":"info","ts":1734337730.2071147,"caller":"logging/logger.go:88","msg":"will apply a lifespan update to argo workflow","workflow-name":"piotr-12-16-work-gc5gw","lifespan-update-method":"REPLACE","lifespan":"seconds:18000"} +{"level":"info","ts":1734337730.4491024,"caller":"logging/logger.go:88","msg":"will apply a lifespan update to argo workflow","workflow-name":"piotr-12-16-work-gc5gw","lifespan-update-method":"REPLACE","lifespan":"seconds:21600"} +{"level":"info","ts":1734337730.4678617,"caller":"logging/logger.go:88","msg":"received a lifespan update request for infra cluster","actor":"prygiels@redhat.com","cluster-id":"piotr-12-16-work","lifespan-update-method":"REPLACE","lifespan":"seconds:25200","log-type":"audit","phase":"cluster-lifespan"} +{"level":"info","ts":1734337730.896888,"caller":"logging/logger.go:88","msg":"will apply a lifespan update to argo workflow","workflow-name":"piotr-12-16-work-gc5gw","lifespan-update-method":"REPLACE","lifespan":"seconds:25200"} +{"level":"info","ts":1734337731.0117621,"caller":"logging/logger.go:88","msg":"received a lifespan update request for infra cluster","actor":"prygiels@redhat.com","cluster-id":"piotr-12-16-work","lifespan-update-method":"REPLACE","lifespan":"seconds:28800","log-type":"audit","phase":"cluster-lifespan"} +{"level":"info","ts":1734337731.4094121,"caller":"logging/logger.go:88","msg":"will apply a lifespan update to argo workflow","workflow-name":"piotr-12-16-work-gc5gw","lifespan-update-method":"REPLACE","lifespan":"seconds:28800"} +{"level":"info","ts":1734337731.7306652,"caller":"logging/logger.go:88","msg":"received a lifespan update request for infra cluster","actor":"prygiels@redhat.com","cluster-id":"piotr-12-16-work","lifespan-update-method":"REPLACE","lifespan":"seconds:32400","log-type":"audit","phase":"cluster-lifespan"} +{"level":"info","ts":1734337732.1341586,"caller":"logging/logger.go:88","msg":"will apply a lifespan update to argo workflow","workflow-name":"piotr-12-16-work-gc5gw","lifespan-update-method":"REPLACE","lifespan":"seconds:32400"} +{"level":"info","ts":1734337733.1884766,"caller":"logging/logger.go:88","msg":"received a lifespan update request for infra cluster","actor":"prygiels@redhat.com","cluster-id":"piotr-12-16-work","lifespan-update-method":"REPLACE","lifespan":"seconds:118800","log-type":"audit","phase":"cluster-lifespan"} +{"level":"info","ts":1734337733.3878207,"caller":"logging/logger.go:88","msg":"received a lifespan update request for infra cluster","actor":"prygiels@redhat.com","cluster-id":"piotr-12-16-work","lifespan-update-method":"REPLACE","lifespan":"seconds:205200","log-type":"audit","phase":"cluster-lifespan"} +{"level":"info","ts":1734337733.6004505,"caller":"logging/logger.go:88","msg":"received a lifespan update request for infra cluster","actor":"prygiels@redhat.com","cluster-id":"piotr-12-16-work","lifespan-update-method":"REPLACE","lifespan":"seconds:291600","log-type":"audit","phase":"cluster-lifespan"} +{"level":"info","ts":1734337733.7818127,"caller":"logging/logger.go:88","msg":"will apply a lifespan update to argo workflow","workflow-name":"piotr-12-16-work-gc5gw","lifespan-update-method":"REPLACE","lifespan":"seconds:118800"} +{"level":"info","ts":1734337733.9337347,"caller":"logging/logger.go:88","msg":"will apply a lifespan update to argo workflow","workflow-name":"piotr-12-16-work-gc5gw","lifespan-update-method":"REPLACE","lifespan":"seconds:205200"} +{"level":"info","ts":1734337734.0279589,"caller":"logging/logger.go:88","msg":"will apply a lifespan update to argo workflow","workflow-name":"piotr-12-16-work-gc5gw","lifespan-update-method":"REPLACE","lifespan":"seconds:291600"} +{"level":"info","ts":1734337734.0643234,"caller":"logging/logger.go:88","msg":"received a lifespan update request for infra cluster","actor":"prygiels@redhat.com","cluster-id":"piotr-12-16-work","lifespan-update-method":"REPLACE","lifespan":"seconds:378000","log-type":"audit","phase":"cluster-lifespan"} +{"level":"info","ts":1734337734.6125083,"caller":"logging/logger.go:88","msg":"will apply a lifespan update to argo workflow","workflow-name":"piotr-12-16-work-gc5gw","lifespan-update-method":"REPLACE","lifespan":"seconds:378000"} +{"level":"info","ts":1734339719.1321096,"caller":"logging/logger.go:88","msg":"received a create request for flavor","actor":"rhacs-bot+infra@redhat.com","flavor-id":"gke-default","log-type":"audit","phase":"cluster-create"} +{"level":"info","ts":1734339719.6903188,"caller":"logging/logger.go:88","msg":"a completed argo workflow exists","workflow-name":"long-fake-load-4-6-0-tml9j","cluster-id":"long-fake-load-4-6-0","workflow-phase":"Succeeded"} +{"level":"info","ts":1734339719.6906152,"caller":"logging/logger.go:88","msg":"will create an infra cluster","flavor-id":"gke-default","cluster-id":"long-fake-load-4-6-0","cluster-owner":"rhacs-bot+infra@redhat.com"} +{"level":"info","ts":1734339719.707165,"caller":"logging/logger.go:88","msg":"created an argo workflow for a new infra cluster","workflow-name":"long-fake-load-4-6-0-pcr4v","cluster-id":"long-fake-load-4-6-0"} +{"level":"info","ts":1734339719.739017,"caller":"logging/logger.go:88","msg":"received a create request for flavor","actor":"rhacs-bot+infra@redhat.com","flavor-id":"gke-default","log-type":"audit","phase":"cluster-create"} +{"level":"info","ts":1734339720.1518786,"caller":"logging/logger.go:88","msg":"a completed argo workflow exists","workflow-name":"long-real-load-4-6-0-zmfp4","cluster-id":"long-real-load-4-6-0","workflow-phase":"Succeeded"} +{"level":"info","ts":1734339720.1519442,"caller":"logging/logger.go:88","msg":"will create an infra cluster","flavor-id":"gke-default","cluster-id":"long-real-load-4-6-0","cluster-owner":"rhacs-bot+infra@redhat.com"} +{"level":"info","ts":1734339720.165881,"caller":"logging/logger.go:88","msg":"created an argo workflow for a new infra cluster","workflow-name":"long-real-load-4-6-0-nj6xh","cluster-id":"long-real-load-4-6-0"} +{"level":"info","ts":1734340034.5016098,"caller":"logging/logger.go:88","msg":"received a create request for flavor","actor":"ghutton@redhat.com","flavor-id":"openshift-4","log-type":"audit","phase":"cluster-create"} +{"level":"info","ts":1734340034.8921165,"caller":"logging/logger.go:88","msg":"could not find an argo workflow to match infra cluster by label","cluster-id":"gdth-12-16-damaging-grass-di"} +time="2024-12-16T09:07:14Z" level=error msg="failed to get live workflow: workflows.argoproj.io \"gdth-12-16-damaging-grass-di\" not found; failed to get archived workflow: rpc error: code = Internal desc = getting archived workflows not supported" +{"level":"info","ts":1734340034.8980205,"caller":"logging/logger.go:88","msg":"will create an infra cluster","flavor-id":"openshift-4","cluster-id":"gdth-12-16-damaging-grass-di","cluster-owner":"ghutton@redhat.com"} +{"level":"info","ts":1734340034.9178183,"caller":"logging/logger.go:88","msg":"created an argo workflow for a new infra cluster","workflow-name":"gdth-12-16-damaging-grass-di-pbcrv","cluster-id":"gdth-12-16-damaging-grass-di"} +{"level":"warn","ts":1734340215.7549706,"caller":"logging/logger.go:88","msg":"slack loop took 5.223209264s"} +{"level":"info","ts":1734341046.4768918,"caller":"logging/logger.go:88","msg":"received a create request for flavor","actor":"lvalerom@redhat.com","flavor-id":"openshift-4","log-type":"audit","phase":"cluster-create"} +{"level":"info","ts":1734341046.9810028,"caller":"logging/logger.go:88","msg":"could not find an argo workflow to match infra cluster by label","cluster-id":"lvm-12-16-1"} +time="2024-12-16T09:24:06Z" level=error msg="failed to get live workflow: workflows.argoproj.io \"lvm-12-16-1\" not found; failed to get archived workflow: rpc error: code = Internal desc = getting archived workflows not supported" +{"level":"info","ts":1734341046.9863865,"caller":"logging/logger.go:88","msg":"will create an infra cluster","flavor-id":"openshift-4","cluster-id":"lvm-12-16-1","cluster-owner":"lvalerom@redhat.com"} +{"level":"info","ts":1734341047.0074124,"caller":"logging/logger.go:88","msg":"created an argo workflow for a new infra cluster","workflow-name":"lvm-12-16-1-wk8gm","cluster-id":"lvm-12-16-1"} +{"level":"warn","ts":1734341436.8200366,"caller":"logging/logger.go:88","msg":"slack loop took 5.521730686s"} +{"level":"info","ts":1734341630.2915246,"caller":"logging/logger.go:88","msg":"received a lifespan update request for infra cluster","actor":"jschnath@redhat.com","cluster-id":"long-real-load-4-6-0","lifespan-update-method":"REPLACE","lifespan":"seconds:518400","log-type":"audit","phase":"cluster-lifespan"} +{"level":"info","ts":1734341630.4513018,"caller":"logging/logger.go:88","msg":"received a lifespan update request for infra cluster","actor":"jschnath@redhat.com","cluster-id":"long-real-load-4-6-0","lifespan-update-method":"REPLACE","lifespan":"seconds:432000","log-type":"audit","phase":"cluster-lifespan"} +{"level":"info","ts":1734341630.6071322,"caller":"logging/logger.go:88","msg":"received a lifespan update request for infra cluster","actor":"jschnath@redhat.com","cluster-id":"long-real-load-4-6-0","lifespan-update-method":"REPLACE","lifespan":"seconds:345600","log-type":"audit","phase":"cluster-lifespan"} +{"level":"info","ts":1734341630.755104,"caller":"logging/logger.go:88","msg":"received a lifespan update request for infra cluster","actor":"jschnath@redhat.com","cluster-id":"long-real-load-4-6-0","lifespan-update-method":"REPLACE","lifespan":"seconds:259200","log-type":"audit","phase":"cluster-lifespan"} +{"level":"info","ts":1734341630.887406,"caller":"logging/logger.go:88","msg":"received a lifespan update request for infra cluster","actor":"jschnath@redhat.com","cluster-id":"long-real-load-4-6-0","lifespan-update-method":"REPLACE","lifespan":"seconds:172800","log-type":"audit","phase":"cluster-lifespan"} +{"level":"info","ts":1734341630.905779,"caller":"logging/logger.go:88","msg":"will apply a lifespan update to argo workflow","workflow-name":"long-real-load-4-6-0-nj6xh","lifespan-update-method":"REPLACE","lifespan":"seconds:518400"} +{"level":"info","ts":1734341631.0321255,"caller":"logging/logger.go:88","msg":"received a lifespan update request for infra cluster","actor":"jschnath@redhat.com","cluster-id":"long-real-load-4-6-0","lifespan-update-method":"REPLACE","lifespan":"seconds:86400","log-type":"audit","phase":"cluster-lifespan"} +{"level":"info","ts":1734341631.1639905,"caller":"logging/logger.go:88","msg":"received a lifespan update request for infra cluster","actor":"jschnath@redhat.com","cluster-id":"long-real-load-4-6-0","lifespan-update-method":"REPLACE","lifespan":"seconds:2840 nanos:995000000","log-type":"audit","phase":"cluster-lifespan"} +{"level":"info","ts":1734341631.2059228,"caller":"logging/logger.go:88","msg":"will apply a lifespan update to argo workflow","workflow-name":"long-real-load-4-6-0-nj6xh","lifespan-update-method":"REPLACE","lifespan":"seconds:432000"} +{"level":"info","ts":1734341631.6678326,"caller":"logging/logger.go:88","msg":"will apply a lifespan update to argo workflow","workflow-name":"long-real-load-4-6-0-nj6xh","lifespan-update-method":"REPLACE","lifespan":"seconds:259200"} +{"level":"info","ts":1734341631.933895,"caller":"logging/logger.go:88","msg":"will apply a lifespan update to argo workflow","workflow-name":"long-real-load-4-6-0-nj6xh","lifespan-update-method":"REPLACE","lifespan":"seconds:345600"} +{"level":"info","ts":1734341631.952875,"caller":"logging/logger.go:88","msg":"will apply a lifespan update to argo workflow","workflow-name":"long-real-load-4-6-0-nj6xh","lifespan-update-method":"REPLACE","lifespan":"seconds:172800"} +{"level":"info","ts":1734341632.0277908,"caller":"logging/logger.go:88","msg":"will apply a lifespan update to argo workflow","workflow-name":"long-real-load-4-6-0-nj6xh","lifespan-update-method":"REPLACE","lifespan":"seconds:86400"} +{"level":"info","ts":1734341632.1095583,"caller":"logging/logger.go:88","msg":"will apply a lifespan update to argo workflow","workflow-name":"long-real-load-4-6-0-nj6xh","lifespan-update-method":"REPLACE","lifespan":"seconds:2840 nanos:995000000"} +{"level":"info","ts":1734342562.8776145,"caller":"logging/logger.go:88","msg":"resuming an argo workflow that has expired","workflow-name":"long-real-load-4-6-0-nj6xh"} +time="2024-12-16T09:49:22Z" level=info msg="Workflow to be dehydrated" Workflow Size=5256 +{"level":"info","ts":1734342949.283974,"caller":"logging/logger.go:88","msg":"received a lifespan update request for infra cluster","actor":"ghutton@redhat.com","cluster-id":"gdth-12-16-damaging-grass-di","lifespan-update-method":"REPLACE","lifespan":"seconds:97200","log-type":"audit","phase":"cluster-lifespan"} +{"level":"info","ts":1734342950.0692072,"caller":"logging/logger.go:88","msg":"will apply a lifespan update to argo workflow","workflow-name":"gdth-12-16-damaging-grass-di-pbcrv","lifespan-update-method":"REPLACE","lifespan":"seconds:97200"} +{"level":"info","ts":1734342950.4015908,"caller":"logging/logger.go:88","msg":"received a lifespan update request for infra cluster","actor":"ghutton@redhat.com","cluster-id":"gdth-12-16-damaging-grass-di","lifespan-update-method":"REPLACE","lifespan":"seconds:183600","log-type":"audit","phase":"cluster-lifespan"} +{"level":"info","ts":1734342950.8051054,"caller":"logging/logger.go:88","msg":"will apply a lifespan update to argo workflow","workflow-name":"gdth-12-16-damaging-grass-di-pbcrv","lifespan-update-method":"REPLACE","lifespan":"seconds:183600"} +{"level":"warn","ts":1734343233.0543535,"caller":"logging/logger.go:88","msg":"slack loop took 5.01300042s"} +{"level":"info","ts":1734344105.2391815,"caller":"logging/logger.go:88","msg":"received a create request for flavor","actor":"sbaumer@redhat.com","flavor-id":"aks","log-type":"audit","phase":"cluster-create"} +{"level":"info","ts":1734344105.743893,"caller":"logging/logger.go:88","msg":"a completed argo workflow exists","workflow-name":"simon-flakes-6j62s","cluster-id":"simon-flakes","workflow-phase":"Succeeded"} +{"level":"info","ts":1734344105.743973,"caller":"logging/logger.go:88","msg":"will create an infra cluster","flavor-id":"aks","cluster-id":"simon-flakes","cluster-owner":"sbaumer@redhat.com"} +{"level":"info","ts":1734344105.762171,"caller":"logging/logger.go:88","msg":"created an argo workflow for a new infra cluster","workflow-name":"simon-flakes-nb2xb","cluster-id":"simon-flakes"} +{"level":"warn","ts":1734344130.8219137,"caller":"logging/logger.go:88","msg":"slack loop took 5.035439447s"} +{"level":"info","ts":1734345505.748293,"caller":"logging/logger.go:88","msg":"received a create request for flavor","actor":"ykovalev@redhat.com","flavor-id":"openshift-4","log-type":"audit","phase":"cluster-create"} +{"level":"info","ts":1734345506.2587364,"caller":"logging/logger.go:88","msg":"could not find an argo workflow to match infra cluster by label","cluster-id":"yk-12-16-former-quicksand-fl"} +time="2024-12-16T10:38:26Z" level=error msg="failed to get live workflow: workflows.argoproj.io \"yk-12-16-former-quicksand-fl\" not found; failed to get archived workflow: rpc error: code = Internal desc = getting archived workflows not supported" +{"level":"info","ts":1734345506.2633533,"caller":"logging/logger.go:88","msg":"will create an infra cluster","flavor-id":"openshift-4","cluster-id":"yk-12-16-former-quicksand-fl","cluster-owner":"ykovalev@redhat.com"} +{"level":"info","ts":1734345506.2836697,"caller":"logging/logger.go:88","msg":"created an argo workflow for a new infra cluster","workflow-name":"yk-12-16-former-quicksand-fl-gdpdf","cluster-id":"yk-12-16-former-quicksand-fl"} +{"level":"info","ts":1734345591.8896277,"caller":"logging/logger.go:88","msg":"received a create request for flavor","actor":"dashrews@redhat.com","flavor-id":"openshift-4","log-type":"audit","phase":"cluster-create"} +{"level":"info","ts":1734345592.3060715,"caller":"logging/logger.go:88","msg":"could not find an argo workflow to match infra cluster by label","cluster-id":"ds-12-16-wicked-friction-sch"} +time="2024-12-16T10:39:52Z" level=error msg="failed to get live workflow: workflows.argoproj.io \"ds-12-16-wicked-friction-sch\" not found; failed to get archived workflow: rpc error: code = Internal desc = getting archived workflows not supported" +{"level":"info","ts":1734345592.3110526,"caller":"logging/logger.go:88","msg":"will create an infra cluster","flavor-id":"openshift-4","cluster-id":"ds-12-16-wicked-friction-sch","cluster-owner":"dashrews@redhat.com"} +{"level":"info","ts":1734345592.33113,"caller":"logging/logger.go:88","msg":"created an argo workflow for a new infra cluster","workflow-name":"ds-12-16-wicked-friction-sch-8x5px","cluster-id":"ds-12-16-wicked-friction-sch"} +{"level":"info","ts":1734345595.1123981,"caller":"logging/logger.go:88","msg":"received a lifespan update request for infra cluster","actor":"dashrews@redhat.com","cluster-id":"ds-12-16-wicked-friction-sch","lifespan-update-method":"REPLACE","lifespan":"seconds:14400","log-type":"audit","phase":"cluster-lifespan"} +{"level":"info","ts":1734345595.518889,"caller":"logging/logger.go:88","msg":"will apply a lifespan update to argo workflow","workflow-name":"ds-12-16-wicked-friction-sch-8x5px","lifespan-update-method":"REPLACE","lifespan":"seconds:14400"} +{"level":"info","ts":1734345595.586247,"caller":"logging/logger.go:88","msg":"received a lifespan update request for infra cluster","actor":"dashrews@redhat.com","cluster-id":"ds-12-16-wicked-friction-sch","lifespan-update-method":"REPLACE","lifespan":"seconds:18000","log-type":"audit","phase":"cluster-lifespan"} +{"level":"info","ts":1734345595.7765622,"caller":"logging/logger.go:88","msg":"received a lifespan update request for infra cluster","actor":"dashrews@redhat.com","cluster-id":"ds-12-16-wicked-friction-sch","lifespan-update-method":"REPLACE","lifespan":"seconds:21600","log-type":"audit","phase":"cluster-lifespan"} +{"level":"info","ts":1734345595.9549108,"caller":"logging/logger.go:88","msg":"received a lifespan update request for infra cluster","actor":"dashrews@redhat.com","cluster-id":"ds-12-16-wicked-friction-sch","lifespan-update-method":"REPLACE","lifespan":"seconds:25200","log-type":"audit","phase":"cluster-lifespan"} +{"level":"info","ts":1734345596.1189835,"caller":"logging/logger.go:88","msg":"received a lifespan update request for infra cluster","actor":"dashrews@redhat.com","cluster-id":"ds-12-16-wicked-friction-sch","lifespan-update-method":"REPLACE","lifespan":"seconds:28800","log-type":"audit","phase":"cluster-lifespan"} +{"level":"info","ts":1734345596.2803054,"caller":"logging/logger.go:88","msg":"will apply a lifespan update to argo workflow","workflow-name":"ds-12-16-wicked-friction-sch-8x5px","lifespan-update-method":"REPLACE","lifespan":"seconds:18000"} +{"level":"info","ts":1734345596.293105,"caller":"logging/logger.go:88","msg":"received a lifespan update request for infra cluster","actor":"dashrews@redhat.com","cluster-id":"ds-12-16-wicked-friction-sch","lifespan-update-method":"REPLACE","lifespan":"seconds:32400","log-type":"audit","phase":"cluster-lifespan"} +{"level":"info","ts":1734345596.4726374,"caller":"logging/logger.go:88","msg":"received a lifespan update request for infra cluster","actor":"dashrews@redhat.com","cluster-id":"ds-12-16-wicked-friction-sch","lifespan-update-method":"REPLACE","lifespan":"seconds:36000","log-type":"audit","phase":"cluster-lifespan"} +{"level":"info","ts":1734345596.7700825,"caller":"logging/logger.go:88","msg":"will apply a lifespan update to argo workflow","workflow-name":"ds-12-16-wicked-friction-sch-8x5px","lifespan-update-method":"REPLACE","lifespan":"seconds:21600"} +{"level":"info","ts":1734345597.1007645,"caller":"logging/logger.go:88","msg":"received a lifespan update request for infra cluster","actor":"dashrews@redhat.com","cluster-id":"ds-12-16-wicked-friction-sch","lifespan-update-method":"REPLACE","lifespan":"seconds:39600","log-type":"audit","phase":"cluster-lifespan"} +{"level":"info","ts":1734345597.1851423,"caller":"logging/logger.go:88","msg":"will apply a lifespan update to argo workflow","workflow-name":"ds-12-16-wicked-friction-sch-8x5px","lifespan-update-method":"REPLACE","lifespan":"seconds:25200"} +{"level":"info","ts":1734345597.2919006,"caller":"logging/logger.go:88","msg":"will apply a lifespan update to argo workflow","workflow-name":"ds-12-16-wicked-friction-sch-8x5px","lifespan-update-method":"REPLACE","lifespan":"seconds:28800"} +{"level":"info","ts":1734345597.6990407,"caller":"logging/logger.go:88","msg":"will apply a lifespan update to argo workflow","workflow-name":"ds-12-16-wicked-friction-sch-8x5px","lifespan-update-method":"REPLACE","lifespan":"seconds:36000"} +{"level":"info","ts":1734345598.1702433,"caller":"logging/logger.go:88","msg":"will apply a lifespan update to argo workflow","workflow-name":"ds-12-16-wicked-friction-sch-8x5px","lifespan-update-method":"REPLACE","lifespan":"seconds:39600"} +{"level":"info","ts":1734345598.2100046,"caller":"logging/logger.go:88","msg":"will apply a lifespan update to argo workflow","workflow-name":"ds-12-16-wicked-friction-sch-8x5px","lifespan-update-method":"REPLACE","lifespan":"seconds:32400"} +{"level":"warn","ts":1734348629.8598251,"caller":"logging/logger.go:88","msg":"slack loop took 5.098499987s"} +{"level":"warn","ts":1734349016.8048606,"caller":"logging/logger.go:88","msg":"slack loop took 5.193428536s"} +{"level":"warn","ts":1734349918.8334134,"caller":"logging/logger.go:88","msg":"slack loop took 5.731238051s"} +{"level":"warn","ts":1734350435.6081874,"caller":"logging/logger.go:88","msg":"slack loop took 6.860983283s"} +{"level":"warn","ts":1734350758.6938698,"caller":"logging/logger.go:88","msg":"slack loop took 5.466065565s"} +{"level":"info","ts":1734352188.9313006,"caller":"logging/logger.go:88","msg":"received a create request for flavor","actor":"mtodorov@redhat.com","flavor-id":"gke-default","log-type":"audit","phase":"cluster-create"} +{"level":"info","ts":1734352189.5647554,"caller":"logging/logger.go:88","msg":"could not find an argo workflow to match infra cluster by label","cluster-id":"mt-12-16-1"} +time="2024-12-16T12:29:49Z" level=error msg="failed to get live workflow: workflows.argoproj.io \"mt-12-16-1\" not found; failed to get archived workflow: rpc error: code = Internal desc = getting archived workflows not supported" +{"level":"info","ts":1734352189.5700264,"caller":"logging/logger.go:88","msg":"will create an infra cluster","flavor-id":"gke-default","cluster-id":"mt-12-16-1","cluster-owner":"mtodorov@redhat.com"} +{"level":"info","ts":1734352189.5879223,"caller":"logging/logger.go:88","msg":"created an argo workflow for a new infra cluster","workflow-name":"mt-12-16-1-mxrb5","cluster-id":"mt-12-16-1"} +{"level":"warn","ts":1734352757.7376175,"caller":"logging/logger.go:88","msg":"slack loop took 5.036723161s"} +{"level":"info","ts":1734352812.101843,"caller":"logging/logger.go:88","msg":"received a create request for flavor","actor":"jmalsam@redhat.com","flavor-id":"osd-on-aws","log-type":"audit","phase":"cluster-create"} +{"level":"info","ts":1734352812.5804021,"caller":"logging/logger.go:88","msg":"a completed argo workflow exists","workflow-name":"jm-migration-1-tqj6c","cluster-id":"jm-migration-1","workflow-phase":"Succeeded"} +{"level":"info","ts":1734352812.5808156,"caller":"logging/logger.go:88","msg":"will create an infra cluster","flavor-id":"osd-on-aws","cluster-id":"jm-migration-1","cluster-owner":"jmalsam@redhat.com"} +{"level":"info","ts":1734352812.6002316,"caller":"logging/logger.go:88","msg":"created an argo workflow for a new infra cluster","workflow-name":"jm-migration-1-l9ckk","cluster-id":"jm-migration-1"} +{"level":"warn","ts":1734352823.656078,"caller":"logging/logger.go:88","msg":"slack loop took 5.918170411s"} +{"level":"info","ts":1734352827.75775,"caller":"logging/logger.go:88","msg":"received a create request for flavor","actor":"jmalsam@redhat.com","flavor-id":"osd-on-aws","log-type":"audit","phase":"cluster-create"} +{"level":"info","ts":1734352828.2269843,"caller":"logging/logger.go:88","msg":"a completed argo workflow exists","workflow-name":"jm-migration-2-cfjbz","cluster-id":"jm-migration-2","workflow-phase":"Succeeded"} +{"level":"info","ts":1734352828.227051,"caller":"logging/logger.go:88","msg":"will create an infra cluster","flavor-id":"osd-on-aws","cluster-id":"jm-migration-2","cluster-owner":"jmalsam@redhat.com"} +{"level":"info","ts":1734352828.2425134,"caller":"logging/logger.go:88","msg":"created an argo workflow for a new infra cluster","workflow-name":"jm-migration-2-s7nh6","cluster-id":"jm-migration-2"} +{"level":"warn","ts":1734353276.5686252,"caller":"logging/logger.go:88","msg":"slack loop took 5.263049608s"} +{"level":"warn","ts":1734353794.465294,"caller":"logging/logger.go:88","msg":"slack loop took 6.313127945s"} +{"level":"warn","ts":1734354053.4361181,"caller":"logging/logger.go:88","msg":"slack loop took 5.314350066s"} +{"level":"warn","ts":1734354442.080201,"caller":"logging/logger.go:88","msg":"slack loop took 5.156349754s"} +{"level":"warn","ts":1734354507.169951,"caller":"logging/logger.go:88","msg":"slack loop took 5.088552814s"} diff --git a/sample-snapshot-minimal.yml b/sample-snapshot-minimal.yml new file mode 100644 index 0000000000000..6e7211311c535 --- /dev/null +++ b/sample-snapshot-minimal.yml @@ -0,0 +1,14 @@ +apiVersion: appstudio.redhat.com/v1alpha1 +kind: Snapshot +metadata: + name: tm-acs-4-6-0-2 + namespace: rh-acs-tenant +spec: + application: acs-4-6 + components: + - containerImage: quay.io/rhacs-eng/scanner-slim@sha256:7b8e00ffbad318ff0aca32ba484eaf9493335d26195938704fb25efc73d36302 + name: scanner-slim-4-6 + source: + git: + revision: 9d8e7dafce + url: https://github.com/stackrox/scanner diff --git a/sample-snapshot.yaml b/sample-snapshot.yaml new file mode 100644 index 0000000000000..b8de58e4411cb --- /dev/null +++ b/sample-snapshot.yaml @@ -0,0 +1,149 @@ +apiVersion: appstudio.redhat.com/v1alpha1 +kind: Snapshot +metadata: + annotations: + build.appstudio.openshift.io/repo: https://github.com/stackrox/stackrox?rev=ef6d50dfa46dd7407fcc468f7b7d8decb971bb4c + build.appstudio.redhat.com/commit_sha: ef6d50dfa46dd7407fcc468f7b7d8decb971bb4c + build.appstudio.redhat.com/pull_request_number: "13565" + build.appstudio.redhat.com/target_branch: release-4.6 + pac.test.appstudio.openshift.io/branch: release-4.6 + pac.test.appstudio.openshift.io/check-run-id: "34177427431" + pac.test.appstudio.openshift.io/controller-info: '{"name":"default","configmap":"pipelines-as-code","secret":"pipelines-as-code-secret", + "gRepo": "pipelines-as-code"}' + pac.test.appstudio.openshift.io/event-type: pull_request + pac.test.appstudio.openshift.io/git-auth-secret: pac-gitauth-jnmpcc + pac.test.appstudio.openshift.io/git-provider: github + pac.test.appstudio.openshift.io/installation-id: "41511273" + pac.test.appstudio.openshift.io/log-url: https://console.redhat.com/application-pipeline/ns/rh-acs-tenant/pipelinerun/scanner-v4-on-push-6p9nz + pac.test.appstudio.openshift.io/max-keep-runs: "500" + pac.test.appstudio.openshift.io/on-cel-expression: | + event == "pull_request" || ( + event == "push" && ( + source_branch.startsWith("release-") || + target_branch.startsWith("refs/tags/") + ) + ) + pac.test.appstudio.openshift.io/original-prname: scanner-v4-on-push + pac.test.appstudio.openshift.io/pull-request: "13565" + pac.test.appstudio.openshift.io/repo-url: https://github.com/stackrox/stackrox + pac.test.appstudio.openshift.io/repository: main + pac.test.appstudio.openshift.io/sender: rhybrillou + pac.test.appstudio.openshift.io/sha: ef6d50dfa46dd7407fcc468f7b7d8decb971bb4c + pac.test.appstudio.openshift.io/sha-title: Update CHANGELOG.md + pac.test.appstudio.openshift.io/sha-url: https://github.com/stackrox/stackrox/commit/ef6d50dfa46dd7407fcc468f7b7d8decb971bb4c + pac.test.appstudio.openshift.io/source-branch: rhybrillou-4.6.1-changelog + pac.test.appstudio.openshift.io/source-repo-url: https://github.com/stackrox/stackrox + pac.test.appstudio.openshift.io/state: completed + pac.test.appstudio.openshift.io/url-org: stackrox + pac.test.appstudio.openshift.io/url-repository: stackrox + test.appstudio.openshift.io/create-groupsnapshot-status: build PLR main-on-push-pdtw8 + failed for component main-4-6 so it can't be added to the group Snapshot for + PR group rhybrillou-4.6.1-changelog + test.appstudio.openshift.io/git-reporter-status: '{"scenarios":{"acs-enterprise-contract-4-6-acs-4-6-2gqvj":{"lastUpdateTime":"2024-12-10T08:46:50.193266481Z"}}}' + test.appstudio.openshift.io/pipelinerunstarttime: "1733818121" + test.appstudio.openshift.io/pr-group: rhybrillou-4.6.1-changelog + test.appstudio.openshift.io/source-repo-url: https://github.com/stackrox/stackrox + test.appstudio.openshift.io/status: '[{"scenario":"acs-enterprise-contract-4-6","status":"TestFail","lastUpdateTime":"2024-12-10T08:46:50.193266481Z","details":"Integration + test failed","startTime":"2024-12-10T08:36:13.232657754Z","completionTime":"2024-12-10T08:46:50.193266481Z","testPipelineRunName":"acs-enterprise-contract-4-6-5h49x"}]' + creationTimestamp: "2024-12-10T08:36:13Z" + generateName: acs-4-6- + generation: 1 + labels: + appstudio.openshift.io/application: acs-4-6 + appstudio.openshift.io/build-pipelinerun: scanner-v4-on-push-6p9nz + appstudio.openshift.io/component: scanner-v4-4-6 + pac.test.appstudio.openshift.io/check-run-id: "34177427431" + pac.test.appstudio.openshift.io/event-type: pull_request + pac.test.appstudio.openshift.io/original-prname: scanner-v4-on-push + pac.test.appstudio.openshift.io/pull-request: "13565" + pac.test.appstudio.openshift.io/repository: main + pac.test.appstudio.openshift.io/sha: ef6d50dfa46dd7407fcc468f7b7d8decb971bb4c + pac.test.appstudio.openshift.io/state: completed + pac.test.appstudio.openshift.io/url-org: stackrox + pac.test.appstudio.openshift.io/url-repository: stackrox + test.appstudio.openshift.io/pipelinerunfinishtime: "1733819742" + test.appstudio.openshift.io/pr-group-sha: fd22bb1a5c6eef9440db2556a7d62f04dcd801cb581ea30493e4e19868bb34 + test.appstudio.openshift.io/type: component + name: acs-4-6-2gqvj + namespace: rh-acs-tenant + ownerReferences: + - apiVersion: appstudio.redhat.com/v1alpha1 + blockOwnerDeletion: true + controller: true + kind: Application + name: acs-4-6 + uid: 34ce9f29-8c6b-4450-aaec-b4459b34f79f + resourceVersion: "2816698750" + uid: d9d97f9c-5846-4ae9-83a9-ef866700aa28 +spec: + application: acs-4-6 + artifacts: {} + components: + - containerImage: quay.io/rhacs-eng/scanner-slim@sha256:7b8e00ffbad318ff0aca32ba484eaf9493335d26195938704fb25efc73d36302 + name: scanner-slim-4-6 + source: + git: + dockerfileUrl: image/scanner/rhel/konflux.Dockerfile + revision: 9d8e7dafceafb8a4cdfcbc1beeeb1e3fb26cce56 + url: https://github.com/stackrox/scanner + - containerImage: quay.io/rhacs-eng/scanner-v4@sha256:c2ada6227ad865379387ddfdfaa91d281898aaf59d39c898246b700638b4d585 + name: scanner-v4-4-6 + source: + git: + revision: ef6d50dfa46dd7407fcc468f7b7d8decb971bb4c + url: https://github.com/stackrox/stackrox + - containerImage: quay.io/rhacs-eng/scanner-v4-db@sha256:990113268287aff396cb90027dcbee16f828f949032922c815581d1a5eee3a67 + name: scanner-v4-db-4-6 + source: + git: + dockerfileUrl: scanner/image/db/konflux.Dockerfile + revision: 3cb0a1ce685019658b653690238dd0e3e3440780 + url: https://github.com/stackrox/stackrox + - containerImage: quay.io/rhacs-eng/central-db@sha256:f89e30351ee725c41b627e0c0ab3ac1d5184fbe7653d5e8ef8226c614dc80f34 + name: central-db-4-6 + source: + git: + dockerfileUrl: image/postgres/konflux.Dockerfile + revision: 954811fdc76ecd258e484e8e7db868186832f8f5 + url: https://github.com/stackrox/stackrox + - containerImage: quay.io/rhacs-eng/roxctl@sha256:f093e6155084d05d343d7c1ef2133e634d0680f0cb564ab067ebcdc4c23e5b86 + name: roxctl-4-6 + source: + git: + dockerfileUrl: image/roxctl/konflux.Dockerfile + revision: dcb9cf5292b359aeba77e9b24c38279ad5d4badd + url: https://github.com/stackrox/stackrox + - containerImage: quay.io/rhacs-eng/collector@sha256:1452d5407db21271699f2ab9c29ea204817ee3eaaece159bdb60cd3cf168c14e + name: collector-4-6 + source: + git: + dockerfileUrl: collector/container/konflux.Dockerfile + revision: e8c795eb0658afa37650d9ad51c8f64967c940da + url: https://github.com/stackrox/collector + - containerImage: quay.io/rhacs-eng/stackrox-operator@sha256:275682aa268f30df2ef8017a3de37b908e9f58deec203eb517f9dc5a92486d77 + name: operator-4-6 + source: + git: + dockerfileUrl: operator/konflux.Dockerfile + revision: 8decc6f98b9162fe30850b54010ab01e35279933 + url: https://github.com/stackrox/stackrox + - containerImage: quay.io/rhacs-eng/scanner-db@sha256:44aeebbcb26f1dec7dd0035be702710c8c84c27f3361f58e067a51138168bc06 + name: scanner-db-4-6 + source: + git: + dockerfileUrl: image/db/rhel/konflux.Dockerfile + revision: 072b9e250183ee819d11098087c7163489a31029 + url: https://github.com/stackrox/scanner +status: + conditions: + - lastTransitionTime: "2024-12-10T08:46:50Z" + message: Snapshot integration status condition is finished since all testing pipelines + completed + reason: Finished + status: "True" + type: AppStudioIntegrationStatus + - lastTransitionTime: "2024-12-10T08:46:50Z" + message: Some Integration pipeline tests failed + reason: Failed + status: "False" + type: AppStudioTestSucceeded diff --git a/snapshot.json b/snapshot.json new file mode 100644 index 0000000000000..bc290f67293e8 --- /dev/null +++ b/snapshot.json @@ -0,0 +1 @@ +{"apiVersion": "appstudio.redhat.com/v1alpha1", "kind": "Snapshot", "metadata": {"name": "tm-acs-4-6-1734082755"}, "spec": {"application": "acs-4-6", "components": [{"containerImage": "", "name": "scanner-4-6", "source": {"git": {"revision": "", "url": ""}}}]}} \ No newline at end of file From 22fa6b5185b222b147cb503897ec5fe83b3b2365 Mon Sep 17 00:00:00 2001 From: Tom Martensen Date: Mon, 16 Dec 2024 15:57:37 +0100 Subject: [PATCH 37/92] remove superfluous files --- file.txt | 1 - logs.txt | 233 ------------------------------------ sample-snapshot-minimal.yml | 14 --- sample-snapshot.yaml | 149 ----------------------- 4 files changed, 397 deletions(-) delete mode 100644 file.txt delete mode 100644 logs.txt delete mode 100644 sample-snapshot-minimal.yml delete mode 100644 sample-snapshot.yaml diff --git a/file.txt b/file.txt deleted file mode 100644 index deba01fc8d982..0000000000000 --- a/file.txt +++ /dev/null @@ -1 +0,0 @@ -something diff --git a/logs.txt b/logs.txt deleted file mode 100644 index 164a9955542f4..0000000000000 --- a/logs.txt +++ /dev/null @@ -1,233 +0,0 @@ -{"level":"info","ts":1734167930.11061,"caller":"logging/logger.go:88","msg":"starting infra server","version":"0.10.44"} -{"level":"info","ts":1734167930.1361732,"caller":"logging/logger.go:88","msg":"registered flavor","flavor-id":"demo","flavor-name":"StackRox Demo"} -{"level":"info","ts":1734167930.1362557,"caller":"logging/logger.go:88","msg":"registered default flavor","flavor-id":"demo","flavor-name":"StackRox Demo"} -{"level":"info","ts":1734167930.139517,"caller":"logging/logger.go:88","msg":"registered flavor","flavor-id":"qa-demo","flavor-name":"StackRox Demo for QA testing"} -{"level":"info","ts":1734167930.1413038,"caller":"logging/logger.go:88","msg":"registered flavor","flavor-id":"gke-default","flavor-name":"GKE Default"} -{"level":"info","ts":1734167930.1434097,"caller":"logging/logger.go:88","msg":"registered flavor","flavor-id":"openshift-4","flavor-name":"OpenShift 4.x"} -{"level":"info","ts":1734167930.1472514,"caller":"logging/logger.go:88","msg":"registered flavor","flavor-id":"openshift-4-demo","flavor-name":"OpenShift 4.x Demo"} -{"level":"info","ts":1734167930.1496708,"caller":"logging/logger.go:88","msg":"registered flavor","flavor-id":"openshift-4-perf-scale","flavor-name":"OpenShift 4.x Perf&Scale"} -{"level":"info","ts":1734167930.1521616,"caller":"logging/logger.go:88","msg":"registered flavor","flavor-id":"eks","flavor-name":"EKS"} -{"level":"info","ts":1734167930.153991,"caller":"logging/logger.go:88","msg":"registered flavor","flavor-id":"aks","flavor-name":"AKS"} -{"level":"info","ts":1734167930.1558964,"caller":"logging/logger.go:88","msg":"registered flavor","flavor-id":"aro","flavor-name":"ARO"} -{"level":"info","ts":1734167930.1578908,"caller":"logging/logger.go:88","msg":"registered flavor","flavor-id":"rosa","flavor-name":"ROSA"} -{"level":"info","ts":1734167930.1598818,"caller":"logging/logger.go:88","msg":"registered flavor","flavor-id":"rosahcp","flavor-name":"Hypershift on ROSA (HCP)"} -{"level":"info","ts":1734167930.1622593,"caller":"logging/logger.go:88","msg":"registered flavor","flavor-id":"osd-on-aws","flavor-name":"OSD on AWS"} -{"level":"info","ts":1734167930.1641128,"caller":"logging/logger.go:88","msg":"registered flavor","flavor-id":"osd-on-gcp","flavor-name":"OSD on GCP"} -{"level":"info","ts":1734167930.1660697,"caller":"logging/logger.go:88","msg":"registered flavor","flavor-id":"ibmroks","flavor-name":"IBM ROKS"} -{"level":"info","ts":1734167930.8129487,"caller":"logging/logger.go:88","msg":"enabled Slack integration"} -{"level":"info","ts":1734167930.8132737,"caller":"logging/logger.go:88","msg":"enabled BigQuery integration"} -{"level":"info","ts":1734167930.8162975,"caller":"logging/logger.go:88","msg":"starting gRPC server","listen-address":"0.0.0.0:8443"} -{"level":"info","ts":1734167930.8166072,"caller":"logging/logger.go:88","msg":"starting gRPC-Gateway client","connect-address":"localhost:8443"} -{"level":"info","ts":1734167930.8198426,"caller":"server/server.go:89","msg":"starting metrics server","listenAddress":"0.0.0.0:9101"} -{"level":"warn","ts":1734167937.8321078,"caller":"logging/logger.go:88","msg":"slack loop took 7.013176047s"} -{"level":"warn","ts":1734171794.021888,"caller":"logging/logger.go:88","msg":"slack loop took 5.086581529s"} -{"level":"warn","ts":1734174044.247585,"caller":"logging/logger.go:88","msg":"slack loop took 5.191157657s"} -{"level":"warn","ts":1734176813.0653925,"caller":"logging/logger.go:88","msg":"slack loop took 5.090979639s"} -{"level":"warn","ts":1734184805.9805698,"caller":"logging/logger.go:88","msg":"slack loop took 7.186899299s"} -{"level":"warn","ts":1734185451.4227679,"caller":"logging/logger.go:88","msg":"slack loop took 5.491284842s"} -{"level":"info","ts":1734185683.2187712,"caller":"logging/logger.go:88","msg":"resuming an argo workflow that has expired","workflow-name":"gdth-12-10-profuse-replaceme-fbkhp"} -time="2024-12-14T14:14:43Z" level=info msg="Workflow to be dehydrated" Workflow Size=8881 -{"level":"warn","ts":1734186033.1086137,"caller":"logging/logger.go:88","msg":"slack loop took 5.212026812s"} -{"level":"warn","ts":1734188413.9714744,"caller":"logging/logger.go:88","msg":"slack loop took 5.593209588s"} -{"level":"warn","ts":1734192013.559057,"caller":"logging/logger.go:88","msg":"slack loop took 5.541082784s"} -{"level":"warn","ts":1734195615.546251,"caller":"logging/logger.go:88","msg":"slack loop took 5.944798931s"} -{"level":"warn","ts":1734195873.517076,"caller":"logging/logger.go:88","msg":"slack loop took 5.102843278s"} -{"level":"warn","ts":1734199212.9040923,"caller":"logging/logger.go:88","msg":"slack loop took 5.624560477s"} -{"level":"warn","ts":1734200433.7573,"caller":"logging/logger.go:88","msg":"slack loop took 5.058267654s"} -{"level":"warn","ts":1734201078.048799,"caller":"logging/logger.go:88","msg":"slack loop took 5.012268769s"} -{"level":"warn","ts":1734202813.6826007,"caller":"logging/logger.go:88","msg":"slack loop took 5.776847418s"} -{"level":"info","ts":1734206231.4521222,"caller":"logging/logger.go:88","msg":"resuming an argo workflow that has expired","workflow-name":"rt-12-09-tacit-beam-long-jv2c9"} -time="2024-12-14T19:57:11Z" level=info msg="Workflow to be dehydrated" Workflow Size=8609 -{"level":"warn","ts":1734206409.6140459,"caller":"logging/logger.go:88","msg":"slack loop took 5.000561787s"} -{"level":"warn","ts":1734206609.6953154,"caller":"logging/logger.go:88","msg":"slack generic get user by email error","email":"rhacs-bot+infra@redhat.com","error":"slack server error: 500 Internal Server Error"} -{"level":"warn","ts":1734206611.715718,"caller":"logging/logger.go:88","msg":"slack loop took 14.143898647s"} -{"level":"info","ts":1734207638.308978,"caller":"logging/logger.go:88","msg":"resuming an argo workflow that has expired","workflow-name":"jv-12-09-ocp-xl4cd"} -time="2024-12-14T20:20:38Z" level=info msg="Workflow to be dehydrated" Workflow Size=7796 -{"level":"info","ts":1734210634.1133995,"caller":"logging/logger.go:88","msg":"resuming an argo workflow that has expired","workflow-name":"ds-12-09-woebegone-sort-box-dfhzj"} -time="2024-12-14T21:10:34Z" level=info msg="Workflow to be dehydrated" Workflow Size=5542 -{"level":"warn","ts":1734211345.8183193,"caller":"logging/logger.go:88","msg":"slack loop took 5.240203755s"} -{"level":"info","ts":1734215099.9679441,"caller":"logging/logger.go:88","msg":"received a lifespan update request for infra cluster","actor":"shesselm@redhat.com","cluster-id":"sh-12-09-1","lifespan-update-method":"ADD","lifespan":"seconds:172800","log-type":"audit","phase":"cluster-lifespan"} -{"level":"info","ts":1734215100.486906,"caller":"logging/logger.go:88","msg":"will apply a lifespan update to argo workflow","workflow-name":"sh-12-09-1-29868","lifespan-update-method":"ADD","lifespan":"seconds:172800"} -{"level":"warn","ts":1734228014.5121148,"caller":"logging/logger.go:88","msg":"slack loop took 5.482216891s"} -{"level":"warn","ts":1734230123.203568,"caller":"logging/logger.go:88","msg":"slack loop took 5.053067776s"} -{"level":"info","ts":1734238972.5657942,"caller":"logging/logger.go:88","msg":"could not find an argo workflow to match infra cluster by label","cluster-id":"central-login-12336008334"} -time="2024-12-15T05:02:52Z" level=error msg="failed to get live workflow: workflows.argoproj.io \"central-login-12336008334\" not found; failed to get archived workflow: rpc error: code = Internal desc = getting archived workflows not supported" -{"level":"info","ts":1734238972.8001893,"caller":"logging/logger.go:88","msg":"received a create request for flavor","actor":"rhacs-bot+infra@redhat.com","flavor-id":"qa-demo","log-type":"audit","phase":"cluster-create"} -{"level":"info","ts":1734238973.2089128,"caller":"logging/logger.go:88","msg":"could not find an argo workflow to match infra cluster by label","cluster-id":"central-login-12336008334"} -time="2024-12-15T05:02:53Z" level=error msg="failed to get live workflow: workflows.argoproj.io \"central-login-12336008334\" not found; failed to get archived workflow: rpc error: code = Internal desc = getting archived workflows not supported" -{"level":"info","ts":1734238973.215124,"caller":"logging/logger.go:88","msg":"will create an infra cluster","flavor-id":"qa-demo","cluster-id":"central-login-12336008334","cluster-owner":"rhacs-bot+infra@redhat.com"} -{"level":"info","ts":1734238973.2504823,"caller":"logging/logger.go:88","msg":"created an argo workflow for a new infra cluster","workflow-name":"central-login-12336008334-wwt2d","cluster-id":"central-login-12336008334"} -{"level":"info","ts":1734239082.4723105,"caller":"logging/logger.go:88","msg":"could not find an argo workflow to match infra cluster by label","cluster-id":"jenkins-plugin-12336003189"} -time="2024-12-15T05:04:42Z" level=error msg="failed to get live workflow: workflows.argoproj.io \"jenkins-plugin-12336003189\" not found; failed to get archived workflow: rpc error: code = Internal desc = getting archived workflows not supported" -{"level":"info","ts":1734239082.8671625,"caller":"logging/logger.go:88","msg":"received a create request for flavor","actor":"rhacs-bot+infra@redhat.com","flavor-id":"qa-demo","log-type":"audit","phase":"cluster-create"} -{"level":"info","ts":1734239083.280192,"caller":"logging/logger.go:88","msg":"could not find an argo workflow to match infra cluster by label","cluster-id":"jenkins-plugin-12336003189"} -time="2024-12-15T05:04:43Z" level=error msg="failed to get live workflow: workflows.argoproj.io \"jenkins-plugin-12336003189\" not found; failed to get archived workflow: rpc error: code = Internal desc = getting archived workflows not supported" -{"level":"info","ts":1734239083.2855456,"caller":"logging/logger.go:88","msg":"will create an infra cluster","flavor-id":"qa-demo","cluster-id":"jenkins-plugin-12336003189","cluster-owner":"rhacs-bot+infra@redhat.com"} -{"level":"info","ts":1734239083.3061798,"caller":"logging/logger.go:88","msg":"created an argo workflow for a new infra cluster","workflow-name":"jenkins-plugin-12336003189-54z67","cluster-id":"jenkins-plugin-12336003189"} -{"level":"warn","ts":1734240029.2872643,"caller":"logging/logger.go:88","msg":"slack loop took 8.526151722s"} -{"level":"warn","ts":1734240350.2812488,"caller":"logging/logger.go:88","msg":"slack loop took 5.117674117s"} -{"level":"info","ts":1734240469.4299254,"caller":"logging/logger.go:88","msg":"received a delete request for infra cluster","actor":"rhacs-bot+infra@redhat.com","cluster-id":"jenkins-plugin-12336003189","log-type":"audit","phase":"cluster-delete"} -{"level":"info","ts":1734240469.8591003,"caller":"logging/logger.go:88","msg":"will apply a lifespan update to argo workflow","workflow-name":"jenkins-plugin-12336003189-54z67","lifespan-update-method":"REPLACE","lifespan":""} -{"level":"info","ts":1734240469.8762,"caller":"logging/logger.go:88","msg":"resuming argo workflow","workflow-name":"jenkins-plugin-12336003189-54z67"} -time="2024-12-15T05:27:49Z" level=info msg="Workflow to be dehydrated" Workflow Size=9085 -{"level":"info","ts":1734242608.2424219,"caller":"logging/logger.go:88","msg":"resuming an argo workflow that has expired","workflow-name":"central-login-12336008334-wwt2d"} -time="2024-12-15T06:03:28Z" level=info msg="Workflow to be dehydrated" Workflow Size=9019 -{"level":"warn","ts":1734249183.170314,"caller":"logging/logger.go:88","msg":"slack loop took 7.212962848s"} -{"level":"info","ts":1734270245.6150892,"caller":"logging/logger.go:88","msg":"resuming an argo workflow that has expired","workflow-name":"qa-k8s-4-6-1-rc-3-2r4d9"} -time="2024-12-15T13:44:05Z" level=info msg="Workflow to be dehydrated" Workflow Size=8491 -{"level":"info","ts":1734270246.0988765,"caller":"logging/logger.go:88","msg":"resuming an argo workflow that has expired","workflow-name":"openshift-4-demo-4-6-1-rc-3-qqql6"} -time="2024-12-15T13:44:06Z" level=info msg="Workflow to be dehydrated" Workflow Size=49495 -{"level":"warn","ts":1734270277.7807527,"caller":"logging/logger.go:88","msg":"slack loop took 5.32820576s"} -{"level":"warn","ts":1734272441.4188654,"caller":"logging/logger.go:88","msg":"slack generic get user by email error","email":"rhacs-bot+infra@redhat.com","error":"slack server error: 500 Internal Server Error"} -{"level":"warn","ts":1734272443.2589371,"caller":"logging/logger.go:88","msg":"slack loop took 13.189567206s"} -{"level":"info","ts":1734302314.990824,"caller":"logging/logger.go:88","msg":"received a create request for flavor","actor":"dcaravel@redhat.com","flavor-id":"openshift-4","log-type":"audit","phase":"cluster-create"} -{"level":"info","ts":1734302315.391594,"caller":"logging/logger.go:88","msg":"could not find an argo workflow to match infra cluster by label","cluster-id":"dc-12-15-1"} -time="2024-12-15T22:38:35Z" level=error msg="failed to get live workflow: workflows.argoproj.io \"dc-12-15-1\" not found; failed to get archived workflow: rpc error: code = Internal desc = getting archived workflows not supported" -{"level":"info","ts":1734302315.3971422,"caller":"logging/logger.go:88","msg":"will create an infra cluster","flavor-id":"openshift-4","cluster-id":"dc-12-15-1","cluster-owner":"dcaravel@redhat.com"} -{"level":"info","ts":1734302315.420301,"caller":"logging/logger.go:88","msg":"created an argo workflow for a new infra cluster","workflow-name":"dc-12-15-1-6btpj","cluster-id":"dc-12-15-1"} -{"level":"info","ts":1734302339.0222907,"caller":"logging/logger.go:88","msg":"resuming an argo workflow that has expired","workflow-name":"jvdm-chum-v6wgg"} -time="2024-12-15T22:38:59Z" level=info msg="Workflow to be dehydrated" Workflow Size=7583 -{"level":"info","ts":1734305168.9422233,"caller":"logging/logger.go:88","msg":"received a lifespan update request for infra cluster","actor":"dcaravel@redhat.com","cluster-id":"dc-12-15-1","lifespan-update-method":"REPLACE","lifespan":"seconds:43200","log-type":"audit","phase":"cluster-lifespan"} -{"level":"info","ts":1734305169.489347,"caller":"logging/logger.go:88","msg":"will apply a lifespan update to argo workflow","workflow-name":"dc-12-15-1-6btpj","lifespan-update-method":"REPLACE","lifespan":"seconds:43200"} -{"level":"info","ts":1734305205.869775,"caller":"logging/logger.go:88","msg":"received a lifespan update request for infra cluster","actor":"dcaravel@redhat.com","cluster-id":"dc-12-15-1","lifespan-update-method":"ADD","lifespan":"seconds:172800","log-type":"audit","phase":"cluster-lifespan"} -{"level":"info","ts":1734305206.2636771,"caller":"logging/logger.go:88","msg":"will apply a lifespan update to argo workflow","workflow-name":"dc-12-15-1-6btpj","lifespan-update-method":"ADD","lifespan":"seconds:172800"} -{"level":"info","ts":1734325513.3546999,"caller":"logging/logger.go:88","msg":"could not find an argo workflow to match infra cluster by label","cluster-id":"jenkins-plugin-12346245659"} -time="2024-12-16T05:05:13Z" level=error msg="failed to get live workflow: workflows.argoproj.io \"jenkins-plugin-12346245659\" not found; failed to get archived workflow: rpc error: code = Internal desc = getting archived workflows not supported" -{"level":"info","ts":1734325513.6787367,"caller":"logging/logger.go:88","msg":"received a create request for flavor","actor":"rhacs-bot+infra@redhat.com","flavor-id":"qa-demo","log-type":"audit","phase":"cluster-create"} -{"level":"info","ts":1734325514.1492295,"caller":"logging/logger.go:88","msg":"could not find an argo workflow to match infra cluster by label","cluster-id":"jenkins-plugin-12346245659"} -time="2024-12-16T05:05:14Z" level=error msg="failed to get live workflow: workflows.argoproj.io \"jenkins-plugin-12346245659\" not found; failed to get archived workflow: rpc error: code = Internal desc = getting archived workflows not supported" -{"level":"info","ts":1734325514.161289,"caller":"logging/logger.go:88","msg":"will create an infra cluster","flavor-id":"qa-demo","cluster-id":"jenkins-plugin-12346245659","cluster-owner":"rhacs-bot+infra@redhat.com"} -{"level":"info","ts":1734325514.1972096,"caller":"logging/logger.go:88","msg":"created an argo workflow for a new infra cluster","workflow-name":"jenkins-plugin-12346245659-ph9sj","cluster-id":"jenkins-plugin-12346245659"} -{"level":"info","ts":1734326930.0038364,"caller":"logging/logger.go:88","msg":"received a delete request for infra cluster","actor":"rhacs-bot+infra@redhat.com","cluster-id":"jenkins-plugin-12346245659","log-type":"audit","phase":"cluster-delete"} -{"level":"info","ts":1734326930.40942,"caller":"logging/logger.go:88","msg":"will apply a lifespan update to argo workflow","workflow-name":"jenkins-plugin-12346245659-ph9sj","lifespan-update-method":"REPLACE","lifespan":""} -{"level":"info","ts":1734326930.42742,"caller":"logging/logger.go:88","msg":"resuming argo workflow","workflow-name":"jenkins-plugin-12346245659-ph9sj"} -time="2024-12-16T05:28:50Z" level=info msg="Workflow to be dehydrated" Workflow Size=9091 -{"level":"info","ts":1734333081.50989,"caller":"logging/logger.go:88","msg":"received a create request for flavor","actor":"jvirtane@redhat.com","flavor-id":"openshift-4","log-type":"audit","phase":"cluster-create"} -{"level":"info","ts":1734333081.912259,"caller":"logging/logger.go:88","msg":"could not find an argo workflow to match infra cluster by label","cluster-id":"jv-12-15-ocp"} -time="2024-12-16T07:11:21Z" level=error msg="failed to get live workflow: workflows.argoproj.io \"jv-12-15-ocp\" not found; failed to get archived workflow: rpc error: code = Internal desc = getting archived workflows not supported" -{"level":"info","ts":1734333081.9169064,"caller":"logging/logger.go:88","msg":"will create an infra cluster","flavor-id":"openshift-4","cluster-id":"jv-12-15-ocp","cluster-owner":"jvirtane@redhat.com"} -{"level":"info","ts":1734333081.9358597,"caller":"logging/logger.go:88","msg":"created an argo workflow for a new infra cluster","workflow-name":"jv-12-15-ocp-d6jst","cluster-id":"jv-12-15-ocp"} -{"level":"info","ts":1734337701.9519358,"caller":"logging/logger.go:88","msg":"received a lifespan update request for infra cluster","actor":"jvirtane@redhat.com","cluster-id":"jv-12-15-ocp","lifespan-update-method":"ADD","lifespan":"seconds:172800","log-type":"audit","phase":"cluster-lifespan"} -{"level":"info","ts":1734337702.4857795,"caller":"logging/logger.go:88","msg":"will apply a lifespan update to argo workflow","workflow-name":"jv-12-15-ocp-d6jst","lifespan-update-method":"ADD","lifespan":"seconds:172800"} -{"level":"info","ts":1734337725.113304,"caller":"logging/logger.go:88","msg":"received a create request for flavor","actor":"prygiels@redhat.com","flavor-id":"openshift-4","log-type":"audit","phase":"cluster-create"} -{"level":"info","ts":1734337725.6288273,"caller":"logging/logger.go:88","msg":"could not find an argo workflow to match infra cluster by label","cluster-id":"piotr-12-16-work"} -time="2024-12-16T08:28:45Z" level=error msg="failed to get live workflow: workflows.argoproj.io \"piotr-12-16-work\" not found; failed to get archived workflow: rpc error: code = Internal desc = getting archived workflows not supported" -{"level":"info","ts":1734337725.6357338,"caller":"logging/logger.go:88","msg":"will create an infra cluster","flavor-id":"openshift-4","cluster-id":"piotr-12-16-work","cluster-owner":"prygiels@redhat.com"} -{"level":"info","ts":1734337725.6557422,"caller":"logging/logger.go:88","msg":"created an argo workflow for a new infra cluster","workflow-name":"piotr-12-16-work-gc5gw","cluster-id":"piotr-12-16-work"} -{"level":"info","ts":1734337729.2900555,"caller":"logging/logger.go:88","msg":"received a lifespan update request for infra cluster","actor":"prygiels@redhat.com","cluster-id":"piotr-12-16-work","lifespan-update-method":"REPLACE","lifespan":"seconds:14400","log-type":"audit","phase":"cluster-lifespan"} -{"level":"info","ts":1734337729.6726356,"caller":"logging/logger.go:88","msg":"received a lifespan update request for infra cluster","actor":"prygiels@redhat.com","cluster-id":"piotr-12-16-work","lifespan-update-method":"REPLACE","lifespan":"seconds:18000","log-type":"audit","phase":"cluster-lifespan"} -{"level":"info","ts":1734337729.7261958,"caller":"logging/logger.go:88","msg":"will apply a lifespan update to argo workflow","workflow-name":"piotr-12-16-work-gc5gw","lifespan-update-method":"REPLACE","lifespan":"seconds:14400"} -{"level":"info","ts":1734337730.032325,"caller":"logging/logger.go:88","msg":"received a lifespan update request for infra cluster","actor":"prygiels@redhat.com","cluster-id":"piotr-12-16-work","lifespan-update-method":"REPLACE","lifespan":"seconds:21600","log-type":"audit","phase":"cluster-lifespan"} -{"level":"info","ts":1734337730.2071147,"caller":"logging/logger.go:88","msg":"will apply a lifespan update to argo workflow","workflow-name":"piotr-12-16-work-gc5gw","lifespan-update-method":"REPLACE","lifespan":"seconds:18000"} -{"level":"info","ts":1734337730.4491024,"caller":"logging/logger.go:88","msg":"will apply a lifespan update to argo workflow","workflow-name":"piotr-12-16-work-gc5gw","lifespan-update-method":"REPLACE","lifespan":"seconds:21600"} -{"level":"info","ts":1734337730.4678617,"caller":"logging/logger.go:88","msg":"received a lifespan update request for infra cluster","actor":"prygiels@redhat.com","cluster-id":"piotr-12-16-work","lifespan-update-method":"REPLACE","lifespan":"seconds:25200","log-type":"audit","phase":"cluster-lifespan"} -{"level":"info","ts":1734337730.896888,"caller":"logging/logger.go:88","msg":"will apply a lifespan update to argo workflow","workflow-name":"piotr-12-16-work-gc5gw","lifespan-update-method":"REPLACE","lifespan":"seconds:25200"} -{"level":"info","ts":1734337731.0117621,"caller":"logging/logger.go:88","msg":"received a lifespan update request for infra cluster","actor":"prygiels@redhat.com","cluster-id":"piotr-12-16-work","lifespan-update-method":"REPLACE","lifespan":"seconds:28800","log-type":"audit","phase":"cluster-lifespan"} -{"level":"info","ts":1734337731.4094121,"caller":"logging/logger.go:88","msg":"will apply a lifespan update to argo workflow","workflow-name":"piotr-12-16-work-gc5gw","lifespan-update-method":"REPLACE","lifespan":"seconds:28800"} -{"level":"info","ts":1734337731.7306652,"caller":"logging/logger.go:88","msg":"received a lifespan update request for infra cluster","actor":"prygiels@redhat.com","cluster-id":"piotr-12-16-work","lifespan-update-method":"REPLACE","lifespan":"seconds:32400","log-type":"audit","phase":"cluster-lifespan"} -{"level":"info","ts":1734337732.1341586,"caller":"logging/logger.go:88","msg":"will apply a lifespan update to argo workflow","workflow-name":"piotr-12-16-work-gc5gw","lifespan-update-method":"REPLACE","lifespan":"seconds:32400"} -{"level":"info","ts":1734337733.1884766,"caller":"logging/logger.go:88","msg":"received a lifespan update request for infra cluster","actor":"prygiels@redhat.com","cluster-id":"piotr-12-16-work","lifespan-update-method":"REPLACE","lifespan":"seconds:118800","log-type":"audit","phase":"cluster-lifespan"} -{"level":"info","ts":1734337733.3878207,"caller":"logging/logger.go:88","msg":"received a lifespan update request for infra cluster","actor":"prygiels@redhat.com","cluster-id":"piotr-12-16-work","lifespan-update-method":"REPLACE","lifespan":"seconds:205200","log-type":"audit","phase":"cluster-lifespan"} -{"level":"info","ts":1734337733.6004505,"caller":"logging/logger.go:88","msg":"received a lifespan update request for infra cluster","actor":"prygiels@redhat.com","cluster-id":"piotr-12-16-work","lifespan-update-method":"REPLACE","lifespan":"seconds:291600","log-type":"audit","phase":"cluster-lifespan"} -{"level":"info","ts":1734337733.7818127,"caller":"logging/logger.go:88","msg":"will apply a lifespan update to argo workflow","workflow-name":"piotr-12-16-work-gc5gw","lifespan-update-method":"REPLACE","lifespan":"seconds:118800"} -{"level":"info","ts":1734337733.9337347,"caller":"logging/logger.go:88","msg":"will apply a lifespan update to argo workflow","workflow-name":"piotr-12-16-work-gc5gw","lifespan-update-method":"REPLACE","lifespan":"seconds:205200"} -{"level":"info","ts":1734337734.0279589,"caller":"logging/logger.go:88","msg":"will apply a lifespan update to argo workflow","workflow-name":"piotr-12-16-work-gc5gw","lifespan-update-method":"REPLACE","lifespan":"seconds:291600"} -{"level":"info","ts":1734337734.0643234,"caller":"logging/logger.go:88","msg":"received a lifespan update request for infra cluster","actor":"prygiels@redhat.com","cluster-id":"piotr-12-16-work","lifespan-update-method":"REPLACE","lifespan":"seconds:378000","log-type":"audit","phase":"cluster-lifespan"} -{"level":"info","ts":1734337734.6125083,"caller":"logging/logger.go:88","msg":"will apply a lifespan update to argo workflow","workflow-name":"piotr-12-16-work-gc5gw","lifespan-update-method":"REPLACE","lifespan":"seconds:378000"} -{"level":"info","ts":1734339719.1321096,"caller":"logging/logger.go:88","msg":"received a create request for flavor","actor":"rhacs-bot+infra@redhat.com","flavor-id":"gke-default","log-type":"audit","phase":"cluster-create"} -{"level":"info","ts":1734339719.6903188,"caller":"logging/logger.go:88","msg":"a completed argo workflow exists","workflow-name":"long-fake-load-4-6-0-tml9j","cluster-id":"long-fake-load-4-6-0","workflow-phase":"Succeeded"} -{"level":"info","ts":1734339719.6906152,"caller":"logging/logger.go:88","msg":"will create an infra cluster","flavor-id":"gke-default","cluster-id":"long-fake-load-4-6-0","cluster-owner":"rhacs-bot+infra@redhat.com"} -{"level":"info","ts":1734339719.707165,"caller":"logging/logger.go:88","msg":"created an argo workflow for a new infra cluster","workflow-name":"long-fake-load-4-6-0-pcr4v","cluster-id":"long-fake-load-4-6-0"} -{"level":"info","ts":1734339719.739017,"caller":"logging/logger.go:88","msg":"received a create request for flavor","actor":"rhacs-bot+infra@redhat.com","flavor-id":"gke-default","log-type":"audit","phase":"cluster-create"} -{"level":"info","ts":1734339720.1518786,"caller":"logging/logger.go:88","msg":"a completed argo workflow exists","workflow-name":"long-real-load-4-6-0-zmfp4","cluster-id":"long-real-load-4-6-0","workflow-phase":"Succeeded"} -{"level":"info","ts":1734339720.1519442,"caller":"logging/logger.go:88","msg":"will create an infra cluster","flavor-id":"gke-default","cluster-id":"long-real-load-4-6-0","cluster-owner":"rhacs-bot+infra@redhat.com"} -{"level":"info","ts":1734339720.165881,"caller":"logging/logger.go:88","msg":"created an argo workflow for a new infra cluster","workflow-name":"long-real-load-4-6-0-nj6xh","cluster-id":"long-real-load-4-6-0"} -{"level":"info","ts":1734340034.5016098,"caller":"logging/logger.go:88","msg":"received a create request for flavor","actor":"ghutton@redhat.com","flavor-id":"openshift-4","log-type":"audit","phase":"cluster-create"} -{"level":"info","ts":1734340034.8921165,"caller":"logging/logger.go:88","msg":"could not find an argo workflow to match infra cluster by label","cluster-id":"gdth-12-16-damaging-grass-di"} -time="2024-12-16T09:07:14Z" level=error msg="failed to get live workflow: workflows.argoproj.io \"gdth-12-16-damaging-grass-di\" not found; failed to get archived workflow: rpc error: code = Internal desc = getting archived workflows not supported" -{"level":"info","ts":1734340034.8980205,"caller":"logging/logger.go:88","msg":"will create an infra cluster","flavor-id":"openshift-4","cluster-id":"gdth-12-16-damaging-grass-di","cluster-owner":"ghutton@redhat.com"} -{"level":"info","ts":1734340034.9178183,"caller":"logging/logger.go:88","msg":"created an argo workflow for a new infra cluster","workflow-name":"gdth-12-16-damaging-grass-di-pbcrv","cluster-id":"gdth-12-16-damaging-grass-di"} -{"level":"warn","ts":1734340215.7549706,"caller":"logging/logger.go:88","msg":"slack loop took 5.223209264s"} -{"level":"info","ts":1734341046.4768918,"caller":"logging/logger.go:88","msg":"received a create request for flavor","actor":"lvalerom@redhat.com","flavor-id":"openshift-4","log-type":"audit","phase":"cluster-create"} -{"level":"info","ts":1734341046.9810028,"caller":"logging/logger.go:88","msg":"could not find an argo workflow to match infra cluster by label","cluster-id":"lvm-12-16-1"} -time="2024-12-16T09:24:06Z" level=error msg="failed to get live workflow: workflows.argoproj.io \"lvm-12-16-1\" not found; failed to get archived workflow: rpc error: code = Internal desc = getting archived workflows not supported" -{"level":"info","ts":1734341046.9863865,"caller":"logging/logger.go:88","msg":"will create an infra cluster","flavor-id":"openshift-4","cluster-id":"lvm-12-16-1","cluster-owner":"lvalerom@redhat.com"} -{"level":"info","ts":1734341047.0074124,"caller":"logging/logger.go:88","msg":"created an argo workflow for a new infra cluster","workflow-name":"lvm-12-16-1-wk8gm","cluster-id":"lvm-12-16-1"} -{"level":"warn","ts":1734341436.8200366,"caller":"logging/logger.go:88","msg":"slack loop took 5.521730686s"} -{"level":"info","ts":1734341630.2915246,"caller":"logging/logger.go:88","msg":"received a lifespan update request for infra cluster","actor":"jschnath@redhat.com","cluster-id":"long-real-load-4-6-0","lifespan-update-method":"REPLACE","lifespan":"seconds:518400","log-type":"audit","phase":"cluster-lifespan"} -{"level":"info","ts":1734341630.4513018,"caller":"logging/logger.go:88","msg":"received a lifespan update request for infra cluster","actor":"jschnath@redhat.com","cluster-id":"long-real-load-4-6-0","lifespan-update-method":"REPLACE","lifespan":"seconds:432000","log-type":"audit","phase":"cluster-lifespan"} -{"level":"info","ts":1734341630.6071322,"caller":"logging/logger.go:88","msg":"received a lifespan update request for infra cluster","actor":"jschnath@redhat.com","cluster-id":"long-real-load-4-6-0","lifespan-update-method":"REPLACE","lifespan":"seconds:345600","log-type":"audit","phase":"cluster-lifespan"} -{"level":"info","ts":1734341630.755104,"caller":"logging/logger.go:88","msg":"received a lifespan update request for infra cluster","actor":"jschnath@redhat.com","cluster-id":"long-real-load-4-6-0","lifespan-update-method":"REPLACE","lifespan":"seconds:259200","log-type":"audit","phase":"cluster-lifespan"} -{"level":"info","ts":1734341630.887406,"caller":"logging/logger.go:88","msg":"received a lifespan update request for infra cluster","actor":"jschnath@redhat.com","cluster-id":"long-real-load-4-6-0","lifespan-update-method":"REPLACE","lifespan":"seconds:172800","log-type":"audit","phase":"cluster-lifespan"} -{"level":"info","ts":1734341630.905779,"caller":"logging/logger.go:88","msg":"will apply a lifespan update to argo workflow","workflow-name":"long-real-load-4-6-0-nj6xh","lifespan-update-method":"REPLACE","lifespan":"seconds:518400"} -{"level":"info","ts":1734341631.0321255,"caller":"logging/logger.go:88","msg":"received a lifespan update request for infra cluster","actor":"jschnath@redhat.com","cluster-id":"long-real-load-4-6-0","lifespan-update-method":"REPLACE","lifespan":"seconds:86400","log-type":"audit","phase":"cluster-lifespan"} -{"level":"info","ts":1734341631.1639905,"caller":"logging/logger.go:88","msg":"received a lifespan update request for infra cluster","actor":"jschnath@redhat.com","cluster-id":"long-real-load-4-6-0","lifespan-update-method":"REPLACE","lifespan":"seconds:2840 nanos:995000000","log-type":"audit","phase":"cluster-lifespan"} -{"level":"info","ts":1734341631.2059228,"caller":"logging/logger.go:88","msg":"will apply a lifespan update to argo workflow","workflow-name":"long-real-load-4-6-0-nj6xh","lifespan-update-method":"REPLACE","lifespan":"seconds:432000"} -{"level":"info","ts":1734341631.6678326,"caller":"logging/logger.go:88","msg":"will apply a lifespan update to argo workflow","workflow-name":"long-real-load-4-6-0-nj6xh","lifespan-update-method":"REPLACE","lifespan":"seconds:259200"} -{"level":"info","ts":1734341631.933895,"caller":"logging/logger.go:88","msg":"will apply a lifespan update to argo workflow","workflow-name":"long-real-load-4-6-0-nj6xh","lifespan-update-method":"REPLACE","lifespan":"seconds:345600"} -{"level":"info","ts":1734341631.952875,"caller":"logging/logger.go:88","msg":"will apply a lifespan update to argo workflow","workflow-name":"long-real-load-4-6-0-nj6xh","lifespan-update-method":"REPLACE","lifespan":"seconds:172800"} -{"level":"info","ts":1734341632.0277908,"caller":"logging/logger.go:88","msg":"will apply a lifespan update to argo workflow","workflow-name":"long-real-load-4-6-0-nj6xh","lifespan-update-method":"REPLACE","lifespan":"seconds:86400"} -{"level":"info","ts":1734341632.1095583,"caller":"logging/logger.go:88","msg":"will apply a lifespan update to argo workflow","workflow-name":"long-real-load-4-6-0-nj6xh","lifespan-update-method":"REPLACE","lifespan":"seconds:2840 nanos:995000000"} -{"level":"info","ts":1734342562.8776145,"caller":"logging/logger.go:88","msg":"resuming an argo workflow that has expired","workflow-name":"long-real-load-4-6-0-nj6xh"} -time="2024-12-16T09:49:22Z" level=info msg="Workflow to be dehydrated" Workflow Size=5256 -{"level":"info","ts":1734342949.283974,"caller":"logging/logger.go:88","msg":"received a lifespan update request for infra cluster","actor":"ghutton@redhat.com","cluster-id":"gdth-12-16-damaging-grass-di","lifespan-update-method":"REPLACE","lifespan":"seconds:97200","log-type":"audit","phase":"cluster-lifespan"} -{"level":"info","ts":1734342950.0692072,"caller":"logging/logger.go:88","msg":"will apply a lifespan update to argo workflow","workflow-name":"gdth-12-16-damaging-grass-di-pbcrv","lifespan-update-method":"REPLACE","lifespan":"seconds:97200"} -{"level":"info","ts":1734342950.4015908,"caller":"logging/logger.go:88","msg":"received a lifespan update request for infra cluster","actor":"ghutton@redhat.com","cluster-id":"gdth-12-16-damaging-grass-di","lifespan-update-method":"REPLACE","lifespan":"seconds:183600","log-type":"audit","phase":"cluster-lifespan"} -{"level":"info","ts":1734342950.8051054,"caller":"logging/logger.go:88","msg":"will apply a lifespan update to argo workflow","workflow-name":"gdth-12-16-damaging-grass-di-pbcrv","lifespan-update-method":"REPLACE","lifespan":"seconds:183600"} -{"level":"warn","ts":1734343233.0543535,"caller":"logging/logger.go:88","msg":"slack loop took 5.01300042s"} -{"level":"info","ts":1734344105.2391815,"caller":"logging/logger.go:88","msg":"received a create request for flavor","actor":"sbaumer@redhat.com","flavor-id":"aks","log-type":"audit","phase":"cluster-create"} -{"level":"info","ts":1734344105.743893,"caller":"logging/logger.go:88","msg":"a completed argo workflow exists","workflow-name":"simon-flakes-6j62s","cluster-id":"simon-flakes","workflow-phase":"Succeeded"} -{"level":"info","ts":1734344105.743973,"caller":"logging/logger.go:88","msg":"will create an infra cluster","flavor-id":"aks","cluster-id":"simon-flakes","cluster-owner":"sbaumer@redhat.com"} -{"level":"info","ts":1734344105.762171,"caller":"logging/logger.go:88","msg":"created an argo workflow for a new infra cluster","workflow-name":"simon-flakes-nb2xb","cluster-id":"simon-flakes"} -{"level":"warn","ts":1734344130.8219137,"caller":"logging/logger.go:88","msg":"slack loop took 5.035439447s"} -{"level":"info","ts":1734345505.748293,"caller":"logging/logger.go:88","msg":"received a create request for flavor","actor":"ykovalev@redhat.com","flavor-id":"openshift-4","log-type":"audit","phase":"cluster-create"} -{"level":"info","ts":1734345506.2587364,"caller":"logging/logger.go:88","msg":"could not find an argo workflow to match infra cluster by label","cluster-id":"yk-12-16-former-quicksand-fl"} -time="2024-12-16T10:38:26Z" level=error msg="failed to get live workflow: workflows.argoproj.io \"yk-12-16-former-quicksand-fl\" not found; failed to get archived workflow: rpc error: code = Internal desc = getting archived workflows not supported" -{"level":"info","ts":1734345506.2633533,"caller":"logging/logger.go:88","msg":"will create an infra cluster","flavor-id":"openshift-4","cluster-id":"yk-12-16-former-quicksand-fl","cluster-owner":"ykovalev@redhat.com"} -{"level":"info","ts":1734345506.2836697,"caller":"logging/logger.go:88","msg":"created an argo workflow for a new infra cluster","workflow-name":"yk-12-16-former-quicksand-fl-gdpdf","cluster-id":"yk-12-16-former-quicksand-fl"} -{"level":"info","ts":1734345591.8896277,"caller":"logging/logger.go:88","msg":"received a create request for flavor","actor":"dashrews@redhat.com","flavor-id":"openshift-4","log-type":"audit","phase":"cluster-create"} -{"level":"info","ts":1734345592.3060715,"caller":"logging/logger.go:88","msg":"could not find an argo workflow to match infra cluster by label","cluster-id":"ds-12-16-wicked-friction-sch"} -time="2024-12-16T10:39:52Z" level=error msg="failed to get live workflow: workflows.argoproj.io \"ds-12-16-wicked-friction-sch\" not found; failed to get archived workflow: rpc error: code = Internal desc = getting archived workflows not supported" -{"level":"info","ts":1734345592.3110526,"caller":"logging/logger.go:88","msg":"will create an infra cluster","flavor-id":"openshift-4","cluster-id":"ds-12-16-wicked-friction-sch","cluster-owner":"dashrews@redhat.com"} -{"level":"info","ts":1734345592.33113,"caller":"logging/logger.go:88","msg":"created an argo workflow for a new infra cluster","workflow-name":"ds-12-16-wicked-friction-sch-8x5px","cluster-id":"ds-12-16-wicked-friction-sch"} -{"level":"info","ts":1734345595.1123981,"caller":"logging/logger.go:88","msg":"received a lifespan update request for infra cluster","actor":"dashrews@redhat.com","cluster-id":"ds-12-16-wicked-friction-sch","lifespan-update-method":"REPLACE","lifespan":"seconds:14400","log-type":"audit","phase":"cluster-lifespan"} -{"level":"info","ts":1734345595.518889,"caller":"logging/logger.go:88","msg":"will apply a lifespan update to argo workflow","workflow-name":"ds-12-16-wicked-friction-sch-8x5px","lifespan-update-method":"REPLACE","lifespan":"seconds:14400"} -{"level":"info","ts":1734345595.586247,"caller":"logging/logger.go:88","msg":"received a lifespan update request for infra cluster","actor":"dashrews@redhat.com","cluster-id":"ds-12-16-wicked-friction-sch","lifespan-update-method":"REPLACE","lifespan":"seconds:18000","log-type":"audit","phase":"cluster-lifespan"} -{"level":"info","ts":1734345595.7765622,"caller":"logging/logger.go:88","msg":"received a lifespan update request for infra cluster","actor":"dashrews@redhat.com","cluster-id":"ds-12-16-wicked-friction-sch","lifespan-update-method":"REPLACE","lifespan":"seconds:21600","log-type":"audit","phase":"cluster-lifespan"} -{"level":"info","ts":1734345595.9549108,"caller":"logging/logger.go:88","msg":"received a lifespan update request for infra cluster","actor":"dashrews@redhat.com","cluster-id":"ds-12-16-wicked-friction-sch","lifespan-update-method":"REPLACE","lifespan":"seconds:25200","log-type":"audit","phase":"cluster-lifespan"} -{"level":"info","ts":1734345596.1189835,"caller":"logging/logger.go:88","msg":"received a lifespan update request for infra cluster","actor":"dashrews@redhat.com","cluster-id":"ds-12-16-wicked-friction-sch","lifespan-update-method":"REPLACE","lifespan":"seconds:28800","log-type":"audit","phase":"cluster-lifespan"} -{"level":"info","ts":1734345596.2803054,"caller":"logging/logger.go:88","msg":"will apply a lifespan update to argo workflow","workflow-name":"ds-12-16-wicked-friction-sch-8x5px","lifespan-update-method":"REPLACE","lifespan":"seconds:18000"} -{"level":"info","ts":1734345596.293105,"caller":"logging/logger.go:88","msg":"received a lifespan update request for infra cluster","actor":"dashrews@redhat.com","cluster-id":"ds-12-16-wicked-friction-sch","lifespan-update-method":"REPLACE","lifespan":"seconds:32400","log-type":"audit","phase":"cluster-lifespan"} -{"level":"info","ts":1734345596.4726374,"caller":"logging/logger.go:88","msg":"received a lifespan update request for infra cluster","actor":"dashrews@redhat.com","cluster-id":"ds-12-16-wicked-friction-sch","lifespan-update-method":"REPLACE","lifespan":"seconds:36000","log-type":"audit","phase":"cluster-lifespan"} -{"level":"info","ts":1734345596.7700825,"caller":"logging/logger.go:88","msg":"will apply a lifespan update to argo workflow","workflow-name":"ds-12-16-wicked-friction-sch-8x5px","lifespan-update-method":"REPLACE","lifespan":"seconds:21600"} -{"level":"info","ts":1734345597.1007645,"caller":"logging/logger.go:88","msg":"received a lifespan update request for infra cluster","actor":"dashrews@redhat.com","cluster-id":"ds-12-16-wicked-friction-sch","lifespan-update-method":"REPLACE","lifespan":"seconds:39600","log-type":"audit","phase":"cluster-lifespan"} -{"level":"info","ts":1734345597.1851423,"caller":"logging/logger.go:88","msg":"will apply a lifespan update to argo workflow","workflow-name":"ds-12-16-wicked-friction-sch-8x5px","lifespan-update-method":"REPLACE","lifespan":"seconds:25200"} -{"level":"info","ts":1734345597.2919006,"caller":"logging/logger.go:88","msg":"will apply a lifespan update to argo workflow","workflow-name":"ds-12-16-wicked-friction-sch-8x5px","lifespan-update-method":"REPLACE","lifespan":"seconds:28800"} -{"level":"info","ts":1734345597.6990407,"caller":"logging/logger.go:88","msg":"will apply a lifespan update to argo workflow","workflow-name":"ds-12-16-wicked-friction-sch-8x5px","lifespan-update-method":"REPLACE","lifespan":"seconds:36000"} -{"level":"info","ts":1734345598.1702433,"caller":"logging/logger.go:88","msg":"will apply a lifespan update to argo workflow","workflow-name":"ds-12-16-wicked-friction-sch-8x5px","lifespan-update-method":"REPLACE","lifespan":"seconds:39600"} -{"level":"info","ts":1734345598.2100046,"caller":"logging/logger.go:88","msg":"will apply a lifespan update to argo workflow","workflow-name":"ds-12-16-wicked-friction-sch-8x5px","lifespan-update-method":"REPLACE","lifespan":"seconds:32400"} -{"level":"warn","ts":1734348629.8598251,"caller":"logging/logger.go:88","msg":"slack loop took 5.098499987s"} -{"level":"warn","ts":1734349016.8048606,"caller":"logging/logger.go:88","msg":"slack loop took 5.193428536s"} -{"level":"warn","ts":1734349918.8334134,"caller":"logging/logger.go:88","msg":"slack loop took 5.731238051s"} -{"level":"warn","ts":1734350435.6081874,"caller":"logging/logger.go:88","msg":"slack loop took 6.860983283s"} -{"level":"warn","ts":1734350758.6938698,"caller":"logging/logger.go:88","msg":"slack loop took 5.466065565s"} -{"level":"info","ts":1734352188.9313006,"caller":"logging/logger.go:88","msg":"received a create request for flavor","actor":"mtodorov@redhat.com","flavor-id":"gke-default","log-type":"audit","phase":"cluster-create"} -{"level":"info","ts":1734352189.5647554,"caller":"logging/logger.go:88","msg":"could not find an argo workflow to match infra cluster by label","cluster-id":"mt-12-16-1"} -time="2024-12-16T12:29:49Z" level=error msg="failed to get live workflow: workflows.argoproj.io \"mt-12-16-1\" not found; failed to get archived workflow: rpc error: code = Internal desc = getting archived workflows not supported" -{"level":"info","ts":1734352189.5700264,"caller":"logging/logger.go:88","msg":"will create an infra cluster","flavor-id":"gke-default","cluster-id":"mt-12-16-1","cluster-owner":"mtodorov@redhat.com"} -{"level":"info","ts":1734352189.5879223,"caller":"logging/logger.go:88","msg":"created an argo workflow for a new infra cluster","workflow-name":"mt-12-16-1-mxrb5","cluster-id":"mt-12-16-1"} -{"level":"warn","ts":1734352757.7376175,"caller":"logging/logger.go:88","msg":"slack loop took 5.036723161s"} -{"level":"info","ts":1734352812.101843,"caller":"logging/logger.go:88","msg":"received a create request for flavor","actor":"jmalsam@redhat.com","flavor-id":"osd-on-aws","log-type":"audit","phase":"cluster-create"} -{"level":"info","ts":1734352812.5804021,"caller":"logging/logger.go:88","msg":"a completed argo workflow exists","workflow-name":"jm-migration-1-tqj6c","cluster-id":"jm-migration-1","workflow-phase":"Succeeded"} -{"level":"info","ts":1734352812.5808156,"caller":"logging/logger.go:88","msg":"will create an infra cluster","flavor-id":"osd-on-aws","cluster-id":"jm-migration-1","cluster-owner":"jmalsam@redhat.com"} -{"level":"info","ts":1734352812.6002316,"caller":"logging/logger.go:88","msg":"created an argo workflow for a new infra cluster","workflow-name":"jm-migration-1-l9ckk","cluster-id":"jm-migration-1"} -{"level":"warn","ts":1734352823.656078,"caller":"logging/logger.go:88","msg":"slack loop took 5.918170411s"} -{"level":"info","ts":1734352827.75775,"caller":"logging/logger.go:88","msg":"received a create request for flavor","actor":"jmalsam@redhat.com","flavor-id":"osd-on-aws","log-type":"audit","phase":"cluster-create"} -{"level":"info","ts":1734352828.2269843,"caller":"logging/logger.go:88","msg":"a completed argo workflow exists","workflow-name":"jm-migration-2-cfjbz","cluster-id":"jm-migration-2","workflow-phase":"Succeeded"} -{"level":"info","ts":1734352828.227051,"caller":"logging/logger.go:88","msg":"will create an infra cluster","flavor-id":"osd-on-aws","cluster-id":"jm-migration-2","cluster-owner":"jmalsam@redhat.com"} -{"level":"info","ts":1734352828.2425134,"caller":"logging/logger.go:88","msg":"created an argo workflow for a new infra cluster","workflow-name":"jm-migration-2-s7nh6","cluster-id":"jm-migration-2"} -{"level":"warn","ts":1734353276.5686252,"caller":"logging/logger.go:88","msg":"slack loop took 5.263049608s"} -{"level":"warn","ts":1734353794.465294,"caller":"logging/logger.go:88","msg":"slack loop took 6.313127945s"} -{"level":"warn","ts":1734354053.4361181,"caller":"logging/logger.go:88","msg":"slack loop took 5.314350066s"} -{"level":"warn","ts":1734354442.080201,"caller":"logging/logger.go:88","msg":"slack loop took 5.156349754s"} -{"level":"warn","ts":1734354507.169951,"caller":"logging/logger.go:88","msg":"slack loop took 5.088552814s"} diff --git a/sample-snapshot-minimal.yml b/sample-snapshot-minimal.yml deleted file mode 100644 index 6e7211311c535..0000000000000 --- a/sample-snapshot-minimal.yml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: appstudio.redhat.com/v1alpha1 -kind: Snapshot -metadata: - name: tm-acs-4-6-0-2 - namespace: rh-acs-tenant -spec: - application: acs-4-6 - components: - - containerImage: quay.io/rhacs-eng/scanner-slim@sha256:7b8e00ffbad318ff0aca32ba484eaf9493335d26195938704fb25efc73d36302 - name: scanner-slim-4-6 - source: - git: - revision: 9d8e7dafce - url: https://github.com/stackrox/scanner diff --git a/sample-snapshot.yaml b/sample-snapshot.yaml deleted file mode 100644 index b8de58e4411cb..0000000000000 --- a/sample-snapshot.yaml +++ /dev/null @@ -1,149 +0,0 @@ -apiVersion: appstudio.redhat.com/v1alpha1 -kind: Snapshot -metadata: - annotations: - build.appstudio.openshift.io/repo: https://github.com/stackrox/stackrox?rev=ef6d50dfa46dd7407fcc468f7b7d8decb971bb4c - build.appstudio.redhat.com/commit_sha: ef6d50dfa46dd7407fcc468f7b7d8decb971bb4c - build.appstudio.redhat.com/pull_request_number: "13565" - build.appstudio.redhat.com/target_branch: release-4.6 - pac.test.appstudio.openshift.io/branch: release-4.6 - pac.test.appstudio.openshift.io/check-run-id: "34177427431" - pac.test.appstudio.openshift.io/controller-info: '{"name":"default","configmap":"pipelines-as-code","secret":"pipelines-as-code-secret", - "gRepo": "pipelines-as-code"}' - pac.test.appstudio.openshift.io/event-type: pull_request - pac.test.appstudio.openshift.io/git-auth-secret: pac-gitauth-jnmpcc - pac.test.appstudio.openshift.io/git-provider: github - pac.test.appstudio.openshift.io/installation-id: "41511273" - pac.test.appstudio.openshift.io/log-url: https://console.redhat.com/application-pipeline/ns/rh-acs-tenant/pipelinerun/scanner-v4-on-push-6p9nz - pac.test.appstudio.openshift.io/max-keep-runs: "500" - pac.test.appstudio.openshift.io/on-cel-expression: | - event == "pull_request" || ( - event == "push" && ( - source_branch.startsWith("release-") || - target_branch.startsWith("refs/tags/") - ) - ) - pac.test.appstudio.openshift.io/original-prname: scanner-v4-on-push - pac.test.appstudio.openshift.io/pull-request: "13565" - pac.test.appstudio.openshift.io/repo-url: https://github.com/stackrox/stackrox - pac.test.appstudio.openshift.io/repository: main - pac.test.appstudio.openshift.io/sender: rhybrillou - pac.test.appstudio.openshift.io/sha: ef6d50dfa46dd7407fcc468f7b7d8decb971bb4c - pac.test.appstudio.openshift.io/sha-title: Update CHANGELOG.md - pac.test.appstudio.openshift.io/sha-url: https://github.com/stackrox/stackrox/commit/ef6d50dfa46dd7407fcc468f7b7d8decb971bb4c - pac.test.appstudio.openshift.io/source-branch: rhybrillou-4.6.1-changelog - pac.test.appstudio.openshift.io/source-repo-url: https://github.com/stackrox/stackrox - pac.test.appstudio.openshift.io/state: completed - pac.test.appstudio.openshift.io/url-org: stackrox - pac.test.appstudio.openshift.io/url-repository: stackrox - test.appstudio.openshift.io/create-groupsnapshot-status: build PLR main-on-push-pdtw8 - failed for component main-4-6 so it can't be added to the group Snapshot for - PR group rhybrillou-4.6.1-changelog - test.appstudio.openshift.io/git-reporter-status: '{"scenarios":{"acs-enterprise-contract-4-6-acs-4-6-2gqvj":{"lastUpdateTime":"2024-12-10T08:46:50.193266481Z"}}}' - test.appstudio.openshift.io/pipelinerunstarttime: "1733818121" - test.appstudio.openshift.io/pr-group: rhybrillou-4.6.1-changelog - test.appstudio.openshift.io/source-repo-url: https://github.com/stackrox/stackrox - test.appstudio.openshift.io/status: '[{"scenario":"acs-enterprise-contract-4-6","status":"TestFail","lastUpdateTime":"2024-12-10T08:46:50.193266481Z","details":"Integration - test failed","startTime":"2024-12-10T08:36:13.232657754Z","completionTime":"2024-12-10T08:46:50.193266481Z","testPipelineRunName":"acs-enterprise-contract-4-6-5h49x"}]' - creationTimestamp: "2024-12-10T08:36:13Z" - generateName: acs-4-6- - generation: 1 - labels: - appstudio.openshift.io/application: acs-4-6 - appstudio.openshift.io/build-pipelinerun: scanner-v4-on-push-6p9nz - appstudio.openshift.io/component: scanner-v4-4-6 - pac.test.appstudio.openshift.io/check-run-id: "34177427431" - pac.test.appstudio.openshift.io/event-type: pull_request - pac.test.appstudio.openshift.io/original-prname: scanner-v4-on-push - pac.test.appstudio.openshift.io/pull-request: "13565" - pac.test.appstudio.openshift.io/repository: main - pac.test.appstudio.openshift.io/sha: ef6d50dfa46dd7407fcc468f7b7d8decb971bb4c - pac.test.appstudio.openshift.io/state: completed - pac.test.appstudio.openshift.io/url-org: stackrox - pac.test.appstudio.openshift.io/url-repository: stackrox - test.appstudio.openshift.io/pipelinerunfinishtime: "1733819742" - test.appstudio.openshift.io/pr-group-sha: fd22bb1a5c6eef9440db2556a7d62f04dcd801cb581ea30493e4e19868bb34 - test.appstudio.openshift.io/type: component - name: acs-4-6-2gqvj - namespace: rh-acs-tenant - ownerReferences: - - apiVersion: appstudio.redhat.com/v1alpha1 - blockOwnerDeletion: true - controller: true - kind: Application - name: acs-4-6 - uid: 34ce9f29-8c6b-4450-aaec-b4459b34f79f - resourceVersion: "2816698750" - uid: d9d97f9c-5846-4ae9-83a9-ef866700aa28 -spec: - application: acs-4-6 - artifacts: {} - components: - - containerImage: quay.io/rhacs-eng/scanner-slim@sha256:7b8e00ffbad318ff0aca32ba484eaf9493335d26195938704fb25efc73d36302 - name: scanner-slim-4-6 - source: - git: - dockerfileUrl: image/scanner/rhel/konflux.Dockerfile - revision: 9d8e7dafceafb8a4cdfcbc1beeeb1e3fb26cce56 - url: https://github.com/stackrox/scanner - - containerImage: quay.io/rhacs-eng/scanner-v4@sha256:c2ada6227ad865379387ddfdfaa91d281898aaf59d39c898246b700638b4d585 - name: scanner-v4-4-6 - source: - git: - revision: ef6d50dfa46dd7407fcc468f7b7d8decb971bb4c - url: https://github.com/stackrox/stackrox - - containerImage: quay.io/rhacs-eng/scanner-v4-db@sha256:990113268287aff396cb90027dcbee16f828f949032922c815581d1a5eee3a67 - name: scanner-v4-db-4-6 - source: - git: - dockerfileUrl: scanner/image/db/konflux.Dockerfile - revision: 3cb0a1ce685019658b653690238dd0e3e3440780 - url: https://github.com/stackrox/stackrox - - containerImage: quay.io/rhacs-eng/central-db@sha256:f89e30351ee725c41b627e0c0ab3ac1d5184fbe7653d5e8ef8226c614dc80f34 - name: central-db-4-6 - source: - git: - dockerfileUrl: image/postgres/konflux.Dockerfile - revision: 954811fdc76ecd258e484e8e7db868186832f8f5 - url: https://github.com/stackrox/stackrox - - containerImage: quay.io/rhacs-eng/roxctl@sha256:f093e6155084d05d343d7c1ef2133e634d0680f0cb564ab067ebcdc4c23e5b86 - name: roxctl-4-6 - source: - git: - dockerfileUrl: image/roxctl/konflux.Dockerfile - revision: dcb9cf5292b359aeba77e9b24c38279ad5d4badd - url: https://github.com/stackrox/stackrox - - containerImage: quay.io/rhacs-eng/collector@sha256:1452d5407db21271699f2ab9c29ea204817ee3eaaece159bdb60cd3cf168c14e - name: collector-4-6 - source: - git: - dockerfileUrl: collector/container/konflux.Dockerfile - revision: e8c795eb0658afa37650d9ad51c8f64967c940da - url: https://github.com/stackrox/collector - - containerImage: quay.io/rhacs-eng/stackrox-operator@sha256:275682aa268f30df2ef8017a3de37b908e9f58deec203eb517f9dc5a92486d77 - name: operator-4-6 - source: - git: - dockerfileUrl: operator/konflux.Dockerfile - revision: 8decc6f98b9162fe30850b54010ab01e35279933 - url: https://github.com/stackrox/stackrox - - containerImage: quay.io/rhacs-eng/scanner-db@sha256:44aeebbcb26f1dec7dd0035be702710c8c84c27f3361f58e067a51138168bc06 - name: scanner-db-4-6 - source: - git: - dockerfileUrl: image/db/rhel/konflux.Dockerfile - revision: 072b9e250183ee819d11098087c7163489a31029 - url: https://github.com/stackrox/scanner -status: - conditions: - - lastTransitionTime: "2024-12-10T08:46:50Z" - message: Snapshot integration status condition is finished since all testing pipelines - completed - reason: Finished - status: "True" - type: AppStudioIntegrationStatus - - lastTransitionTime: "2024-12-10T08:46:50Z" - message: Some Integration pipeline tests failed - reason: Failed - status: "False" - type: AppStudioTestSucceeded From 613809948b59a891cc67cd0ae7031ee6b668f464 Mon Sep 17 00:00:00 2001 From: Tom Martensen Date: Mon, 16 Dec 2024 16:09:32 +0100 Subject: [PATCH 38/92] include all components in the snapshot --- .tekton/operator-bundle-pipeline.yaml | 46 +++++++++++++++++++++++++-- 1 file changed, 44 insertions(+), 2 deletions(-) diff --git a/.tekton/operator-bundle-pipeline.yaml b/.tekton/operator-bundle-pipeline.yaml index 8d9798ad5fc08..17a0265e0ee06 100644 --- a/.tekton/operator-bundle-pipeline.yaml +++ b/.tekton/operator-bundle-pipeline.yaml @@ -681,12 +681,30 @@ spec: - name: IMAGE_REFS value: | [ + { + "component": "scanner-db", + "ref": "$(params.scanner-db-image-build-repo)@$(tasks.wait-for-scanner-db-image.results.IMAGE_DIGEST)", + "repository": "$(tasks.wait-for-scanner-db-image.results.GIT_REPO)", + "revision": "$(tasks.wait-for-scanner-db-image.results.GIT_REF)" + }, + { + "component": "scanner-db-slim", + "ref": "$(params.scanner-db-slim-image-build-repo)@$(tasks.wait-for-scanner-db-slim-image.results.IMAGE_DIGEST)", + "repository": "$(tasks.wait-for-scanner-db-slim-image.results.GIT_REPO)", + "revision": "$(tasks.wait-for-scanner-db-slim-image.results.GIT_REF)" + }, { "component": "scanner", "ref": "$(params.scanner-image-build-repo)@$(tasks.wait-for-scanner-image.results.IMAGE_DIGEST)", "repository": "$(tasks.wait-for-scanner-image.results.GIT_REPO)", "revision": "$(tasks.wait-for-scanner-image.results.GIT_REF)" }, + { + "component": "scanner-slim", + "ref": "$(params.scanner-slim-image-build-repo)@$(tasks.wait-for-scanner-slim-image.results.IMAGE_DIGEST)", + "repository": "$(tasks.wait-for-scanner-slim-image.results.GIT_REPO)", + "revision": "$(tasks.wait-for-scanner-slim-image.results.GIT_REF)" + }, { "component": "collector", "ref": "$(params.collector-full-image-build-repo)@$(tasks.wait-for-collector-full-image.results.IMAGE_DIGEST)", @@ -696,8 +714,32 @@ spec: { "component": "central-db", "ref": "$(params.central-db-image-build-repo)@$(tasks.wait-for-central-db-image.results.IMAGE_DIGEST)", - "repository": "$(tasks.wait-for-central-db-image.results.GIT_REPO)", - "revision": "$(tasks.wait-for-central-db-image.results.GIT_REF)" + "repository": "$(params.git-url)", + "revision": "$(params.revision)" + }, + { + "component": "scanner-v4-db", + "ref": "$(params.scanner-v4-db-image-build-repo)@$(tasks.wait-for-scanner-v4-db-image.results.IMAGE_DIGEST)", + "repository": "$(params.git-url)", + "revision": "$(params.revision)" + }, + { + "component": "scanner-v4", + "ref": "$(params.scanner-v4-image-build-repo)@$(tasks.wait-for-scanner-v4-image.results.IMAGE_DIGEST)", + "repository": "$(params.git-url)", + "revision": "$(params.revision)" + }, + { + "component": "main", + "ref": "$(params.main-image-build-repo)@$(tasks.wait-for-main-image.results.IMAGE_DIGEST)", + "repository": "$(params.git-url)", + "revision": "$(params.revision)" + }, + { + "component": "operator", + "ref": "$(params.operator-image-build-repo)@$(tasks.wait-for-operator-image.results.IMAGE_DIGEST)", + "repository": "$(params.git-url)", + "revision": "$(params.revision)" }, { "component": "operator-bundle", From f18ae885865b782c64ecf30a9ce4bcd1419290a6 Mon Sep 17 00:00:00 2001 From: Tom Martensen Date: Mon, 16 Dec 2024 16:28:30 +0100 Subject: [PATCH 39/92] fix UI rendering of snapshot --- .konflux/scripts/render_snapshot.py | 14 ++++++++++++-- .tekton/create-snapshot-task.yaml | 4 ++++ 2 files changed, 16 insertions(+), 2 deletions(-) diff --git a/.konflux/scripts/render_snapshot.py b/.konflux/scripts/render_snapshot.py index 27283c444b46f..9abfa7f5c3404 100755 --- a/.konflux/scripts/render_snapshot.py +++ b/.konflux/scripts/render_snapshot.py @@ -26,13 +26,21 @@ def process_component(component, name_suffix): } -def construct_snapshot(snapshot_name_prefix, application, components): +def construct_snapshot( + snapshot_name_prefix, + pipeline_run_name, + application, + components +): snapshot_name = f"{snapshot_name_prefix}-{int(time.time())}" return { "apiVersion": "appstudio.redhat.com/v1alpha1", "kind": "Snapshot", "metadata": { - "name": snapshot_name + "name": snapshot_name, + "labels": { + "appstudio.openshift.io/build-pipelinerun": pipeline_run_name + } }, "spec": { "application": application, @@ -47,11 +55,13 @@ def determine_component_name_suffix(application): if __name__ == '__main__': application = os.getenv("APPLICATION", "") + pipeline_run_name = os.getenv("PIPELINE_RUN_NAME", "") image_refs = load_image_refs() name_suffix = determine_component_name_suffix(application) components = [process_component(c, name_suffix) for c in image_refs] snapshot = construct_snapshot( f"tm-{application}", + pipeline_run_name, application, components ) diff --git a/.tekton/create-snapshot-task.yaml b/.tekton/create-snapshot-task.yaml index 6b54cccf2475a..7b797f6da0938 100644 --- a/.tekton/create-snapshot-task.yaml +++ b/.tekton/create-snapshot-task.yaml @@ -36,6 +36,10 @@ spec: valueFrom: fieldRef: fieldPath: metadata.labels['appstudio.openshift.io/application'] + - name: PIPELINE_RUN_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name - name: IMAGE_REFS value: $(params.IMAGE_REFS) script: | From 9e85449a94539f4e842f39b2707a4660c8a1662f Mon Sep 17 00:00:00 2001 From: Tom Martensen Date: Tue, 17 Dec 2024 13:05:58 +0100 Subject: [PATCH 40/92] build arm64 instead of s390x temporarily... --- .tekton/main-pipeline.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.tekton/main-pipeline.yaml b/.tekton/main-pipeline.yaml index 8c2d9ea741f02..4b21583e38053 100644 --- a/.tekton/main-pipeline.yaml +++ b/.tekton/main-pipeline.yaml @@ -266,7 +266,7 @@ spec: - name: build-container-s390x params: - name: PLATFORM - value: linux/s390x + value: linux/arm64 - name: IMAGE value: $(params.output-image-repo):$(tasks.determine-image-tag.results.IMAGE_TAG)-s390x - name: DOCKERFILE From aaf944ab510440886d25681ae5d34b62b4624bbf Mon Sep 17 00:00:00 2001 From: Tom Martensen Date: Tue, 17 Dec 2024 15:21:57 +0100 Subject: [PATCH 41/92] revert main changes, add empty line --- .tekton/create-snapshot-task.yaml | 3 +++ .tekton/main-pipeline.yaml | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/.tekton/create-snapshot-task.yaml b/.tekton/create-snapshot-task.yaml index 7b797f6da0938..479a1c06236b3 100644 --- a/.tekton/create-snapshot-task.yaml +++ b/.tekton/create-snapshot-task.yaml @@ -46,4 +46,7 @@ spec: #!/usr/bin/env bash .konflux/scripts/render_snapshot.py | tee "$(results.SNAPSHOT_NAME.path)" + + # Printing an empty line for separation in the log. + echo oc create -f snapshot.json diff --git a/.tekton/main-pipeline.yaml b/.tekton/main-pipeline.yaml index 4b21583e38053..8c2d9ea741f02 100644 --- a/.tekton/main-pipeline.yaml +++ b/.tekton/main-pipeline.yaml @@ -266,7 +266,7 @@ spec: - name: build-container-s390x params: - name: PLATFORM - value: linux/arm64 + value: linux/s390x - name: IMAGE value: $(params.output-image-repo):$(tasks.determine-image-tag.results.IMAGE_TAG)-s390x - name: DOCKERFILE From 13820b94e546eb3373cda9fc50e1e7ad0b37c079 Mon Sep 17 00:00:00 2001 From: Tom Martensen Date: Tue, 17 Dec 2024 15:27:32 +0100 Subject: [PATCH 42/92] default snapshot name --- .konflux/scripts/render_snapshot.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.konflux/scripts/render_snapshot.py b/.konflux/scripts/render_snapshot.py index 9abfa7f5c3404..693f332b31371 100755 --- a/.konflux/scripts/render_snapshot.py +++ b/.konflux/scripts/render_snapshot.py @@ -60,10 +60,10 @@ def determine_component_name_suffix(application): name_suffix = determine_component_name_suffix(application) components = [process_component(c, name_suffix) for c in image_refs] snapshot = construct_snapshot( - f"tm-{application}", - pipeline_run_name, - application, - components + snapshot_name_prefix=application, + pipeline_run_name=pipeline_run_name, + application=application, + components=components ) with open("snapshot.json", "w") as f: From 19a203a26095c2b51fedf66feb1a5f2607100830 Mon Sep 17 00:00:00 2001 From: Tom Martensen Date: Tue, 17 Dec 2024 15:40:51 +0100 Subject: [PATCH 43/92] remove superfluous file --- snapshot.json | 1 - 1 file changed, 1 deletion(-) delete mode 100644 snapshot.json diff --git a/snapshot.json b/snapshot.json deleted file mode 100644 index bc290f67293e8..0000000000000 --- a/snapshot.json +++ /dev/null @@ -1 +0,0 @@ -{"apiVersion": "appstudio.redhat.com/v1alpha1", "kind": "Snapshot", "metadata": {"name": "tm-acs-4-6-1734082755"}, "spec": {"application": "acs-4-6", "components": [{"containerImage": "", "name": "scanner-4-6", "source": {"git": {"revision": "", "url": ""}}}]}} \ No newline at end of file From a072f2efafc8f1407c8d65d90a39e1e16565c9f2 Mon Sep 17 00:00:00 2001 From: Tom Martensen Date: Tue, 17 Dec 2024 15:43:33 +0100 Subject: [PATCH 44/92] sort IMAGE_REFS alphabetically --- .tekton/operator-bundle-pipeline.yaml | 72 +++++++++++++-------------- 1 file changed, 36 insertions(+), 36 deletions(-) diff --git a/.tekton/operator-bundle-pipeline.yaml b/.tekton/operator-bundle-pipeline.yaml index 17a0265e0ee06..2d9e1f09a1e76 100644 --- a/.tekton/operator-bundle-pipeline.yaml +++ b/.tekton/operator-bundle-pipeline.yaml @@ -682,28 +682,10 @@ spec: value: | [ { - "component": "scanner-db", - "ref": "$(params.scanner-db-image-build-repo)@$(tasks.wait-for-scanner-db-image.results.IMAGE_DIGEST)", - "repository": "$(tasks.wait-for-scanner-db-image.results.GIT_REPO)", - "revision": "$(tasks.wait-for-scanner-db-image.results.GIT_REF)" - }, - { - "component": "scanner-db-slim", - "ref": "$(params.scanner-db-slim-image-build-repo)@$(tasks.wait-for-scanner-db-slim-image.results.IMAGE_DIGEST)", - "repository": "$(tasks.wait-for-scanner-db-slim-image.results.GIT_REPO)", - "revision": "$(tasks.wait-for-scanner-db-slim-image.results.GIT_REF)" - }, - { - "component": "scanner", - "ref": "$(params.scanner-image-build-repo)@$(tasks.wait-for-scanner-image.results.IMAGE_DIGEST)", - "repository": "$(tasks.wait-for-scanner-image.results.GIT_REPO)", - "revision": "$(tasks.wait-for-scanner-image.results.GIT_REF)" - }, - { - "component": "scanner-slim", - "ref": "$(params.scanner-slim-image-build-repo)@$(tasks.wait-for-scanner-slim-image.results.IMAGE_DIGEST)", - "repository": "$(tasks.wait-for-scanner-slim-image.results.GIT_REPO)", - "revision": "$(tasks.wait-for-scanner-slim-image.results.GIT_REF)" + "component": "central-db", + "ref": "$(params.central-db-image-build-repo)@$(tasks.wait-for-central-db-image.results.IMAGE_DIGEST)", + "repository": "$(params.git-url)", + "revision": "$(params.revision)" }, { "component": "collector", @@ -712,38 +694,56 @@ spec: "revision": "$(tasks.wait-for-collector-full-image.results.GIT_REF)" }, { - "component": "central-db", - "ref": "$(params.central-db-image-build-repo)@$(tasks.wait-for-central-db-image.results.IMAGE_DIGEST)", + "component": "main", + "ref": "$(params.main-image-build-repo)@$(tasks.wait-for-main-image.results.IMAGE_DIGEST)", "repository": "$(params.git-url)", "revision": "$(params.revision)" }, { - "component": "scanner-v4-db", - "ref": "$(params.scanner-v4-db-image-build-repo)@$(tasks.wait-for-scanner-v4-db-image.results.IMAGE_DIGEST)", + "component": "operator", + "ref": "$(params.operator-image-build-repo)@$(tasks.wait-for-operator-image.results.IMAGE_DIGEST)", "repository": "$(params.git-url)", "revision": "$(params.revision)" }, { - "component": "scanner-v4", - "ref": "$(params.scanner-v4-image-build-repo)@$(tasks.wait-for-scanner-v4-image.results.IMAGE_DIGEST)", + "component": "operator-bundle", + "ref": "$(tasks.build-container.results.IMAGE_URL)@$(tasks.build-container.results.IMAGE_DIGEST)", "repository": "$(params.git-url)", "revision": "$(params.revision)" }, { - "component": "main", - "ref": "$(params.main-image-build-repo)@$(tasks.wait-for-main-image.results.IMAGE_DIGEST)", - "repository": "$(params.git-url)", - "revision": "$(params.revision)" + "component": "scanner", + "ref": "$(params.scanner-image-build-repo)@$(tasks.wait-for-scanner-image.results.IMAGE_DIGEST)", + "repository": "$(tasks.wait-for-scanner-image.results.GIT_REPO)", + "revision": "$(tasks.wait-for-scanner-image.results.GIT_REF)" }, { - "component": "operator", - "ref": "$(params.operator-image-build-repo)@$(tasks.wait-for-operator-image.results.IMAGE_DIGEST)", + "component": "scanner-db", + "ref": "$(params.scanner-db-image-build-repo)@$(tasks.wait-for-scanner-db-image.results.IMAGE_DIGEST)", + "repository": "$(tasks.wait-for-scanner-db-image.results.GIT_REPO)", + "revision": "$(tasks.wait-for-scanner-db-image.results.GIT_REF)" + }, + { + "component": "scanner-db-slim", + "ref": "$(params.scanner-db-slim-image-build-repo)@$(tasks.wait-for-scanner-db-slim-image.results.IMAGE_DIGEST)", + "repository": "$(tasks.wait-for-scanner-db-slim-image.results.GIT_REPO)", + "revision": "$(tasks.wait-for-scanner-db-slim-image.results.GIT_REF)" + }, + { + "component": "scanner-slim", + "ref": "$(params.scanner-slim-image-build-repo)@$(tasks.wait-for-scanner-slim-image.results.IMAGE_DIGEST)", + "repository": "$(tasks.wait-for-scanner-slim-image.results.GIT_REPO)", + "revision": "$(tasks.wait-for-scanner-slim-image.results.GIT_REF)" + }, + { + "component": "scanner-v4", + "ref": "$(params.scanner-v4-image-build-repo)@$(tasks.wait-for-scanner-v4-image.results.IMAGE_DIGEST)", "repository": "$(params.git-url)", "revision": "$(params.revision)" }, { - "component": "operator-bundle", - "ref": "$(tasks.build-container.results.IMAGE_URL)@$(tasks.build-container.results.IMAGE_DIGEST)", + "component": "scanner-v4-db", + "ref": "$(params.scanner-v4-db-image-build-repo)@$(tasks.wait-for-scanner-v4-db-image.results.IMAGE_DIGEST)", "repository": "$(params.git-url)", "revision": "$(params.revision)" } From aa031ef6d3e4cedc0d2ab3e8016caa113d3de7ef Mon Sep 17 00:00:00 2001 From: Tom Martensen Date: Thu, 19 Dec 2024 13:18:11 +0100 Subject: [PATCH 45/92] first iteration on review comments --- .konflux/scripts/render_snapshot.py | 22 ++++++++++++++-------- .tekton/create-snapshot-task.yaml | 8 +++++++- .tekton/operator-bundle-pipeline.yaml | 10 +++++++++- .tekton/wait-for-image-task.yaml | 21 +++++---------------- 4 files changed, 35 insertions(+), 26 deletions(-) diff --git a/.konflux/scripts/render_snapshot.py b/.konflux/scripts/render_snapshot.py index 693f332b31371..2c9a8f6f63984 100755 --- a/.konflux/scripts/render_snapshot.py +++ b/.konflux/scripts/render_snapshot.py @@ -1,12 +1,13 @@ #!/usr/bin/env python3 +import datetime import json import os import time -def load_image_refs(): - return json.loads(os.getenv("IMAGE_REFS", '[]')) +def parse_image_refs(image_refs): + return json.loads(image_refs) def process_component(component, name_suffix): @@ -28,11 +29,13 @@ def process_component(component, name_suffix): def construct_snapshot( snapshot_name_prefix, + snapshot_version_suffix, pipeline_run_name, application, components ): - snapshot_name = f"{snapshot_name_prefix}-{int(time.time())}" + timestamp = datetime.datetime.now(datetime.UTC).strftime("%Y%m%dT%H%M%SZ") + snapshot_name = f"{snapshot_name_prefix}_{snapshot_version_suffix}-{timestamp}" return { "apiVersion": "appstudio.redhat.com/v1alpha1", "kind": "Snapshot", @@ -49,18 +52,21 @@ def construct_snapshot( } -def determine_component_name_suffix(application): +def determine_component_version_suffix(application): + # TODO: this as a regex return application.lstrip("acs-") if __name__ == '__main__': - application = os.getenv("APPLICATION", "") - pipeline_run_name = os.getenv("PIPELINE_RUN_NAME", "") - image_refs = load_image_refs() - name_suffix = determine_component_name_suffix(application) + application = os.environ["APPLICATION"] + pipeline_run_name = os.environ["PIPELINE_RUN_NAME"] + image_refs = parse_image_refs(os.environ["IMAGE_REFS"]) + main_image_tag = os.environ["MAIN_IMAGE_TAG"] + name_suffix = determine_component_version_suffix(application) components = [process_component(c, name_suffix) for c in image_refs] snapshot = construct_snapshot( snapshot_name_prefix=application, + snapshot_version_suffix=main_image_tag, pipeline_run_name=pipeline_run_name, application=application, components=components diff --git a/.tekton/create-snapshot-task.yaml b/.tekton/create-snapshot-task.yaml index 479a1c06236b3..426cd1593c612 100644 --- a/.tekton/create-snapshot-task.yaml +++ b/.tekton/create-snapshot-task.yaml @@ -12,6 +12,9 @@ spec: - name: IMAGE_REFS description: Image references. type: string + - name: MAIN_IMAGE_TAG + description: Result from determine-image-tag for the main image. + type: string results: - name: SNAPSHOT_NAME description: Name of the snapshot created by this task. @@ -29,7 +32,7 @@ spec: - use - $(params.SOURCE_ARTIFACT)=/var/workdir/source - name: create-snapshot - image: registry.redhat.io/openshift4/ose-cli@sha256:4d58b5a47a84f843e646c5272e32b2dbefac67fd56e283cb60635d792e6348f9 + image: registry.redhat.io/openshift4/ose-cli-rhel9@sha256:4f822262adc75bff1891bee0bab1611ae62dfb347f98fcf9aa2604129087eb2c workingDir: /var/workdir/source env: - name: APPLICATION @@ -42,8 +45,11 @@ spec: fieldPath: metadata.name - name: IMAGE_REFS value: $(params.IMAGE_REFS) + - name: MAIN_IMAGE_TAG + value: $(params.MAIN_IMAGE_TAG) script: | #!/usr/bin/env bash + set -euo pipefail .konflux/scripts/render_snapshot.py | tee "$(results.SNAPSHOT_NAME.path)" diff --git a/.tekton/operator-bundle-pipeline.yaml b/.tekton/operator-bundle-pipeline.yaml index 2d9e1f09a1e76..b21367277a184 100644 --- a/.tekton/operator-bundle-pipeline.yaml +++ b/.tekton/operator-bundle-pipeline.yaml @@ -707,7 +707,13 @@ spec: }, { "component": "operator-bundle", - "ref": "$(tasks.build-container.results.IMAGE_URL)@$(tasks.build-container.results.IMAGE_DIGEST)", + "ref": "$(params.output-image-repo)@$(tasks.build-container.results.IMAGE_DIGEST)", + "repository": "$(params.git-url)", + "revision": "$(params.revision)" + }, + { + "component": "roxctl", + "ref": "$(params.roxctl-image-build-repo)@$(tasks.wait-for-roxctl-image.results.IMAGE_DIGEST)", "repository": "$(params.git-url)", "revision": "$(params.revision)" }, @@ -748,5 +754,7 @@ spec: "revision": "$(params.revision)" } ] + - name: MAIN_IMAGE_TAG + value: $(tasks.determine-main-image-tag.results.IMAGE_TAG) taskRef: name: create-snapshot diff --git a/.tekton/wait-for-image-task.yaml b/.tekton/wait-for-image-task.yaml index 1585416a89e28..1a53dac239025 100644 --- a/.tekton/wait-for-image-task.yaml +++ b/.tekton/wait-for-image-task.yaml @@ -34,23 +34,12 @@ spec: echo "Image $(params.IMAGE) found." - digest="$(skopeo inspect \ + infos="$(skopeo inspect \ --retry-times 10 \ - --format '{{.Digest}}' \ + --format '{{.Digest}}\n{{ index .Labels "vcs-ref" }}\n{{ index .Labels "source-location" }}' \ --no-tags \ "docker://$(params.IMAGE)")" - echo -n "$digest" | tee "$(results.IMAGE_DIGEST.path)" - git_ref="$(skopeo inspect \ - --retry-times 10 \ - --format '{{ index .Labels "vcs-ref" }}' \ - --no-tags \ - "docker://$(params.IMAGE)")" - echo -n "$git_ref" | tee "$(results.GIT_REF.path)" - - git_repo="$(skopeo inspect \ - --retry-times 10 \ - --format '{{ index .Labels "source-location" }}' \ - --no-tags \ - "docker://$(params.IMAGE)")" - echo -n "$git_repo" | tee "$(results.GIT_REPO.path)" + cut -f1 -d'\n' <<< "${infos}" | tee "$(results.IMAGE_DIGEST.path)" + cut -f2 -d'\n' <<< "${infos}" | tee "$(results.GIT_REF.path)" + cut -f3 -d'\n' <<< "${infos}" | tee "$(results.GIT_REPO.path)" From 749ff2057ea6c043776e1a233e2b4d8d2f9fb7f8 Mon Sep 17 00:00:00 2001 From: Tom Martensen Date: Thu, 19 Dec 2024 14:50:53 +0100 Subject: [PATCH 46/92] use space as delimiter --- .tekton/wait-for-image-task.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.tekton/wait-for-image-task.yaml b/.tekton/wait-for-image-task.yaml index 1a53dac239025..d8d0a03dd992e 100644 --- a/.tekton/wait-for-image-task.yaml +++ b/.tekton/wait-for-image-task.yaml @@ -36,10 +36,10 @@ spec: infos="$(skopeo inspect \ --retry-times 10 \ - --format '{{.Digest}}\n{{ index .Labels "vcs-ref" }}\n{{ index .Labels "source-location" }}' \ + --format '{{.Digest}} {{ index .Labels "vcs-ref" }} {{ index .Labels "source-location" }}' \ --no-tags \ "docker://$(params.IMAGE)")" - cut -f1 -d'\n' <<< "${infos}" | tee "$(results.IMAGE_DIGEST.path)" - cut -f2 -d'\n' <<< "${infos}" | tee "$(results.GIT_REF.path)" - cut -f3 -d'\n' <<< "${infos}" | tee "$(results.GIT_REPO.path)" + cut -f1 -d' ' <<< "${infos}" | tee "$(results.IMAGE_DIGEST.path)" + cut -f2 -d' ' <<< "${infos}" | tee "$(results.GIT_REF.path)" + cut -f3 -d' ' <<< "${infos}" | tee "$(results.GIT_REPO.path)" From f2f62be8ca3bc4651ffdd880bfffb46eb9ae2cc3 Mon Sep 17 00:00:00 2001 From: Tom Martensen Date: Thu, 19 Dec 2024 15:10:38 +0100 Subject: [PATCH 47/92] attempt to move create-acs-style-snapshot to finally --- .tekton/operator-bundle-pipeline.yaml | 185 ++++++++++++-------------- 1 file changed, 88 insertions(+), 97 deletions(-) diff --git a/.tekton/operator-bundle-pipeline.yaml b/.tekton/operator-bundle-pipeline.yaml index b21367277a184..3e3380f1fe0ee 100644 --- a/.tekton/operator-bundle-pipeline.yaml +++ b/.tekton/operator-bundle-pipeline.yaml @@ -5,7 +5,95 @@ metadata: spec: finally: + - name: create-acs-style-snapshot + params: + - name: SOURCE_ARTIFACT + value: $(tasks.clone-repository.results.SOURCE_ARTIFACT) + - name: IMAGE_REFS + value: | + [ + { + "component": "central-db", + "ref": "$(params.central-db-image-build-repo)@$(tasks.wait-for-central-db-image.results.IMAGE_DIGEST)", + "repository": "$(params.git-url)", + "revision": "$(params.revision)" + }, + { + "component": "collector", + "ref": "$(params.collector-full-image-build-repo)@$(tasks.wait-for-collector-full-image.results.IMAGE_DIGEST)", + "repository": "$(tasks.wait-for-collector-full-image.results.GIT_REPO)", + "revision": "$(tasks.wait-for-collector-full-image.results.GIT_REF)" + }, + { + "component": "main", + "ref": "$(params.main-image-build-repo)@$(tasks.wait-for-main-image.results.IMAGE_DIGEST)", + "repository": "$(params.git-url)", + "revision": "$(params.revision)" + }, + { + "component": "operator", + "ref": "$(params.operator-image-build-repo)@$(tasks.wait-for-operator-image.results.IMAGE_DIGEST)", + "repository": "$(params.git-url)", + "revision": "$(params.revision)" + }, + { + "component": "operator-bundle", + "ref": "$(params.output-image-repo)@$(tasks.build-container.results.IMAGE_DIGEST)", + "repository": "$(params.git-url)", + "revision": "$(params.revision)" + }, + { + "component": "roxctl", + "ref": "$(params.roxctl-image-build-repo)@$(tasks.wait-for-roxctl-image.results.IMAGE_DIGEST)", + "repository": "$(params.git-url)", + "revision": "$(params.revision)" + }, + { + "component": "scanner", + "ref": "$(params.scanner-image-build-repo)@$(tasks.wait-for-scanner-image.results.IMAGE_DIGEST)", + "repository": "$(tasks.wait-for-scanner-image.results.GIT_REPO)", + "revision": "$(tasks.wait-for-scanner-image.results.GIT_REF)" + }, + { + "component": "scanner-db", + "ref": "$(params.scanner-db-image-build-repo)@$(tasks.wait-for-scanner-db-image.results.IMAGE_DIGEST)", + "repository": "$(tasks.wait-for-scanner-db-image.results.GIT_REPO)", + "revision": "$(tasks.wait-for-scanner-db-image.results.GIT_REF)" + }, + { + "component": "scanner-db-slim", + "ref": "$(params.scanner-db-slim-image-build-repo)@$(tasks.wait-for-scanner-db-slim-image.results.IMAGE_DIGEST)", + "repository": "$(tasks.wait-for-scanner-db-slim-image.results.GIT_REPO)", + "revision": "$(tasks.wait-for-scanner-db-slim-image.results.GIT_REF)" + }, + { + "component": "scanner-slim", + "ref": "$(params.scanner-slim-image-build-repo)@$(tasks.wait-for-scanner-slim-image.results.IMAGE_DIGEST)", + "repository": "$(tasks.wait-for-scanner-slim-image.results.GIT_REPO)", + "revision": "$(tasks.wait-for-scanner-slim-image.results.GIT_REF)" + }, + { + "component": "scanner-v4", + "ref": "$(params.scanner-v4-image-build-repo)@$(tasks.wait-for-scanner-v4-image.results.IMAGE_DIGEST)", + "repository": "$(params.git-url)", + "revision": "$(params.revision)" + }, + { + "component": "scanner-v4-db", + "ref": "$(params.scanner-v4-db-image-build-repo)@$(tasks.wait-for-scanner-v4-db-image.results.IMAGE_DIGEST)", + "repository": "$(params.git-url)", + "revision": "$(params.revision)" + } + ] + - name: MAIN_IMAGE_TAG + value: $(tasks.determine-main-image-tag.results.IMAGE_TAG) + taskRef: + name: create-snapshot + - name: slack-notification + runAfter: + - show-sbom + - create-acs-style-snapshot params: - name: message value: ':x: `{{event_type}}` pipeline for (`$(params.output-image-repo)`, revision <$(params.git-url)/commit/$(params.revision)|$(params.revision)>) has failed.' @@ -661,100 +749,3 @@ spec: - name: kind value: task resolver: bundles - - - name: create-acs-style-snapshot - # Explicitly running after all other tasks to ensure that - # - there are no failures that should prevent a release of the operator-bundle image (missing RPMs signatures, deprecated base images, ...) - # - the source image is present as it is required by EC - runAfter: - - apply-tags - - build-source-image - - clair-scan - - clamav-scan - - deprecated-base-image-check - - rpms-signature-scan - - sast-snyk-check - - push-dockerfile - params: - - name: SOURCE_ARTIFACT - value: $(tasks.clone-repository.results.SOURCE_ARTIFACT) - - name: IMAGE_REFS - value: | - [ - { - "component": "central-db", - "ref": "$(params.central-db-image-build-repo)@$(tasks.wait-for-central-db-image.results.IMAGE_DIGEST)", - "repository": "$(params.git-url)", - "revision": "$(params.revision)" - }, - { - "component": "collector", - "ref": "$(params.collector-full-image-build-repo)@$(tasks.wait-for-collector-full-image.results.IMAGE_DIGEST)", - "repository": "$(tasks.wait-for-collector-full-image.results.GIT_REPO)", - "revision": "$(tasks.wait-for-collector-full-image.results.GIT_REF)" - }, - { - "component": "main", - "ref": "$(params.main-image-build-repo)@$(tasks.wait-for-main-image.results.IMAGE_DIGEST)", - "repository": "$(params.git-url)", - "revision": "$(params.revision)" - }, - { - "component": "operator", - "ref": "$(params.operator-image-build-repo)@$(tasks.wait-for-operator-image.results.IMAGE_DIGEST)", - "repository": "$(params.git-url)", - "revision": "$(params.revision)" - }, - { - "component": "operator-bundle", - "ref": "$(params.output-image-repo)@$(tasks.build-container.results.IMAGE_DIGEST)", - "repository": "$(params.git-url)", - "revision": "$(params.revision)" - }, - { - "component": "roxctl", - "ref": "$(params.roxctl-image-build-repo)@$(tasks.wait-for-roxctl-image.results.IMAGE_DIGEST)", - "repository": "$(params.git-url)", - "revision": "$(params.revision)" - }, - { - "component": "scanner", - "ref": "$(params.scanner-image-build-repo)@$(tasks.wait-for-scanner-image.results.IMAGE_DIGEST)", - "repository": "$(tasks.wait-for-scanner-image.results.GIT_REPO)", - "revision": "$(tasks.wait-for-scanner-image.results.GIT_REF)" - }, - { - "component": "scanner-db", - "ref": "$(params.scanner-db-image-build-repo)@$(tasks.wait-for-scanner-db-image.results.IMAGE_DIGEST)", - "repository": "$(tasks.wait-for-scanner-db-image.results.GIT_REPO)", - "revision": "$(tasks.wait-for-scanner-db-image.results.GIT_REF)" - }, - { - "component": "scanner-db-slim", - "ref": "$(params.scanner-db-slim-image-build-repo)@$(tasks.wait-for-scanner-db-slim-image.results.IMAGE_DIGEST)", - "repository": "$(tasks.wait-for-scanner-db-slim-image.results.GIT_REPO)", - "revision": "$(tasks.wait-for-scanner-db-slim-image.results.GIT_REF)" - }, - { - "component": "scanner-slim", - "ref": "$(params.scanner-slim-image-build-repo)@$(tasks.wait-for-scanner-slim-image.results.IMAGE_DIGEST)", - "repository": "$(tasks.wait-for-scanner-slim-image.results.GIT_REPO)", - "revision": "$(tasks.wait-for-scanner-slim-image.results.GIT_REF)" - }, - { - "component": "scanner-v4", - "ref": "$(params.scanner-v4-image-build-repo)@$(tasks.wait-for-scanner-v4-image.results.IMAGE_DIGEST)", - "repository": "$(params.git-url)", - "revision": "$(params.revision)" - }, - { - "component": "scanner-v4-db", - "ref": "$(params.scanner-v4-db-image-build-repo)@$(tasks.wait-for-scanner-v4-db-image.results.IMAGE_DIGEST)", - "repository": "$(params.git-url)", - "revision": "$(params.revision)" - } - ] - - name: MAIN_IMAGE_TAG - value: $(tasks.determine-main-image-tag.results.IMAGE_TAG) - taskRef: - name: create-snapshot From 792d458ab80bb4412e4d3100d6ea6a5aa0a649cf Mon Sep 17 00:00:00 2001 From: Tom Martensen Date: Thu, 19 Dec 2024 15:12:29 +0100 Subject: [PATCH 48/92] Revert "attempt to move create-acs-style-snapshot to finally" This reverts commit f2f62be8ca3bc4651ffdd880bfffb46eb9ae2cc3. --- .tekton/operator-bundle-pipeline.yaml | 185 ++++++++++++++------------ 1 file changed, 97 insertions(+), 88 deletions(-) diff --git a/.tekton/operator-bundle-pipeline.yaml b/.tekton/operator-bundle-pipeline.yaml index 3e3380f1fe0ee..b21367277a184 100644 --- a/.tekton/operator-bundle-pipeline.yaml +++ b/.tekton/operator-bundle-pipeline.yaml @@ -5,95 +5,7 @@ metadata: spec: finally: - - name: create-acs-style-snapshot - params: - - name: SOURCE_ARTIFACT - value: $(tasks.clone-repository.results.SOURCE_ARTIFACT) - - name: IMAGE_REFS - value: | - [ - { - "component": "central-db", - "ref": "$(params.central-db-image-build-repo)@$(tasks.wait-for-central-db-image.results.IMAGE_DIGEST)", - "repository": "$(params.git-url)", - "revision": "$(params.revision)" - }, - { - "component": "collector", - "ref": "$(params.collector-full-image-build-repo)@$(tasks.wait-for-collector-full-image.results.IMAGE_DIGEST)", - "repository": "$(tasks.wait-for-collector-full-image.results.GIT_REPO)", - "revision": "$(tasks.wait-for-collector-full-image.results.GIT_REF)" - }, - { - "component": "main", - "ref": "$(params.main-image-build-repo)@$(tasks.wait-for-main-image.results.IMAGE_DIGEST)", - "repository": "$(params.git-url)", - "revision": "$(params.revision)" - }, - { - "component": "operator", - "ref": "$(params.operator-image-build-repo)@$(tasks.wait-for-operator-image.results.IMAGE_DIGEST)", - "repository": "$(params.git-url)", - "revision": "$(params.revision)" - }, - { - "component": "operator-bundle", - "ref": "$(params.output-image-repo)@$(tasks.build-container.results.IMAGE_DIGEST)", - "repository": "$(params.git-url)", - "revision": "$(params.revision)" - }, - { - "component": "roxctl", - "ref": "$(params.roxctl-image-build-repo)@$(tasks.wait-for-roxctl-image.results.IMAGE_DIGEST)", - "repository": "$(params.git-url)", - "revision": "$(params.revision)" - }, - { - "component": "scanner", - "ref": "$(params.scanner-image-build-repo)@$(tasks.wait-for-scanner-image.results.IMAGE_DIGEST)", - "repository": "$(tasks.wait-for-scanner-image.results.GIT_REPO)", - "revision": "$(tasks.wait-for-scanner-image.results.GIT_REF)" - }, - { - "component": "scanner-db", - "ref": "$(params.scanner-db-image-build-repo)@$(tasks.wait-for-scanner-db-image.results.IMAGE_DIGEST)", - "repository": "$(tasks.wait-for-scanner-db-image.results.GIT_REPO)", - "revision": "$(tasks.wait-for-scanner-db-image.results.GIT_REF)" - }, - { - "component": "scanner-db-slim", - "ref": "$(params.scanner-db-slim-image-build-repo)@$(tasks.wait-for-scanner-db-slim-image.results.IMAGE_DIGEST)", - "repository": "$(tasks.wait-for-scanner-db-slim-image.results.GIT_REPO)", - "revision": "$(tasks.wait-for-scanner-db-slim-image.results.GIT_REF)" - }, - { - "component": "scanner-slim", - "ref": "$(params.scanner-slim-image-build-repo)@$(tasks.wait-for-scanner-slim-image.results.IMAGE_DIGEST)", - "repository": "$(tasks.wait-for-scanner-slim-image.results.GIT_REPO)", - "revision": "$(tasks.wait-for-scanner-slim-image.results.GIT_REF)" - }, - { - "component": "scanner-v4", - "ref": "$(params.scanner-v4-image-build-repo)@$(tasks.wait-for-scanner-v4-image.results.IMAGE_DIGEST)", - "repository": "$(params.git-url)", - "revision": "$(params.revision)" - }, - { - "component": "scanner-v4-db", - "ref": "$(params.scanner-v4-db-image-build-repo)@$(tasks.wait-for-scanner-v4-db-image.results.IMAGE_DIGEST)", - "repository": "$(params.git-url)", - "revision": "$(params.revision)" - } - ] - - name: MAIN_IMAGE_TAG - value: $(tasks.determine-main-image-tag.results.IMAGE_TAG) - taskRef: - name: create-snapshot - - name: slack-notification - runAfter: - - show-sbom - - create-acs-style-snapshot params: - name: message value: ':x: `{{event_type}}` pipeline for (`$(params.output-image-repo)`, revision <$(params.git-url)/commit/$(params.revision)|$(params.revision)>) has failed.' @@ -749,3 +661,100 @@ spec: - name: kind value: task resolver: bundles + + - name: create-acs-style-snapshot + # Explicitly running after all other tasks to ensure that + # - there are no failures that should prevent a release of the operator-bundle image (missing RPMs signatures, deprecated base images, ...) + # - the source image is present as it is required by EC + runAfter: + - apply-tags + - build-source-image + - clair-scan + - clamav-scan + - deprecated-base-image-check + - rpms-signature-scan + - sast-snyk-check + - push-dockerfile + params: + - name: SOURCE_ARTIFACT + value: $(tasks.clone-repository.results.SOURCE_ARTIFACT) + - name: IMAGE_REFS + value: | + [ + { + "component": "central-db", + "ref": "$(params.central-db-image-build-repo)@$(tasks.wait-for-central-db-image.results.IMAGE_DIGEST)", + "repository": "$(params.git-url)", + "revision": "$(params.revision)" + }, + { + "component": "collector", + "ref": "$(params.collector-full-image-build-repo)@$(tasks.wait-for-collector-full-image.results.IMAGE_DIGEST)", + "repository": "$(tasks.wait-for-collector-full-image.results.GIT_REPO)", + "revision": "$(tasks.wait-for-collector-full-image.results.GIT_REF)" + }, + { + "component": "main", + "ref": "$(params.main-image-build-repo)@$(tasks.wait-for-main-image.results.IMAGE_DIGEST)", + "repository": "$(params.git-url)", + "revision": "$(params.revision)" + }, + { + "component": "operator", + "ref": "$(params.operator-image-build-repo)@$(tasks.wait-for-operator-image.results.IMAGE_DIGEST)", + "repository": "$(params.git-url)", + "revision": "$(params.revision)" + }, + { + "component": "operator-bundle", + "ref": "$(params.output-image-repo)@$(tasks.build-container.results.IMAGE_DIGEST)", + "repository": "$(params.git-url)", + "revision": "$(params.revision)" + }, + { + "component": "roxctl", + "ref": "$(params.roxctl-image-build-repo)@$(tasks.wait-for-roxctl-image.results.IMAGE_DIGEST)", + "repository": "$(params.git-url)", + "revision": "$(params.revision)" + }, + { + "component": "scanner", + "ref": "$(params.scanner-image-build-repo)@$(tasks.wait-for-scanner-image.results.IMAGE_DIGEST)", + "repository": "$(tasks.wait-for-scanner-image.results.GIT_REPO)", + "revision": "$(tasks.wait-for-scanner-image.results.GIT_REF)" + }, + { + "component": "scanner-db", + "ref": "$(params.scanner-db-image-build-repo)@$(tasks.wait-for-scanner-db-image.results.IMAGE_DIGEST)", + "repository": "$(tasks.wait-for-scanner-db-image.results.GIT_REPO)", + "revision": "$(tasks.wait-for-scanner-db-image.results.GIT_REF)" + }, + { + "component": "scanner-db-slim", + "ref": "$(params.scanner-db-slim-image-build-repo)@$(tasks.wait-for-scanner-db-slim-image.results.IMAGE_DIGEST)", + "repository": "$(tasks.wait-for-scanner-db-slim-image.results.GIT_REPO)", + "revision": "$(tasks.wait-for-scanner-db-slim-image.results.GIT_REF)" + }, + { + "component": "scanner-slim", + "ref": "$(params.scanner-slim-image-build-repo)@$(tasks.wait-for-scanner-slim-image.results.IMAGE_DIGEST)", + "repository": "$(tasks.wait-for-scanner-slim-image.results.GIT_REPO)", + "revision": "$(tasks.wait-for-scanner-slim-image.results.GIT_REF)" + }, + { + "component": "scanner-v4", + "ref": "$(params.scanner-v4-image-build-repo)@$(tasks.wait-for-scanner-v4-image.results.IMAGE_DIGEST)", + "repository": "$(params.git-url)", + "revision": "$(params.revision)" + }, + { + "component": "scanner-v4-db", + "ref": "$(params.scanner-v4-db-image-build-repo)@$(tasks.wait-for-scanner-v4-db-image.results.IMAGE_DIGEST)", + "repository": "$(params.git-url)", + "revision": "$(params.revision)" + } + ] + - name: MAIN_IMAGE_TAG + value: $(tasks.determine-main-image-tag.results.IMAGE_TAG) + taskRef: + name: create-snapshot From a245624c223f482d05e3268e872fc647d2dcc436 Mon Sep 17 00:00:00 2001 From: Tom Martensen Date: Thu, 19 Dec 2024 15:47:31 +0100 Subject: [PATCH 49/92] add a CI job that confirms whether all other tasks are mentioned in the runAfter --- .github/workflows/style.yaml | 3 +++ .tekton/operator-bundle-pipeline.yaml | 20 +++++++++++++++++++- scripts/check-konflux-pipelines.sh | 21 +++++++++++++++++++++ scripts/ci/jobs/check-konflux-pipelines.sh | 18 ++++++++++++++++++ 4 files changed, 61 insertions(+), 1 deletion(-) create mode 100755 scripts/check-konflux-pipelines.sh create mode 100755 scripts/ci/jobs/check-konflux-pipelines.sh diff --git a/.github/workflows/style.yaml b/.github/workflows/style.yaml index 1919cab47fcaf..4c2940356717b 100644 --- a/.github/workflows/style.yaml +++ b/.github/workflows/style.yaml @@ -75,6 +75,9 @@ jobs: - name: Check Policies run: scripts/ci/jobs/policy-checks.sh + - name: Check Konflux pipeline modifications + run: scripts/ci/jobs/check-konflux-pipelines.sh + style-check: runs-on: ubuntu-latest container: diff --git a/.tekton/operator-bundle-pipeline.yaml b/.tekton/operator-bundle-pipeline.yaml index b21367277a184..13e781d4b5fe9 100644 --- a/.tekton/operator-bundle-pipeline.yaml +++ b/.tekton/operator-bundle-pipeline.yaml @@ -668,13 +668,31 @@ spec: # - the source image is present as it is required by EC runAfter: - apply-tags + - build-container - build-source-image - clair-scan - clamav-scan + - clone-repository - deprecated-base-image-check + - determine-main-image-tag + - determine-operator-image-tag + - init + - prefetch-dependencies + - push-dockerfile - rpms-signature-scan - sast-snyk-check - - push-dockerfile + - wait-for-central-db-image + - wait-for-collector-full-image + - wait-for-collector-slim-image + - wait-for-main-image + - wait-for-operator-image + - wait-for-roxctl-image + - wait-for-scanner-db-image + - wait-for-scanner-db-slim-image + - wait-for-scanner-image + - wait-for-scanner-slim-image + - wait-for-scanner-v4-db-image + - wait-for-scanner-v4-image params: - name: SOURCE_ARTIFACT value: $(tasks.clone-repository.results.SOURCE_ARTIFACT) diff --git a/scripts/check-konflux-pipelines.sh b/scripts/check-konflux-pipelines.sh new file mode 100755 index 0000000000000..2d54dca48aa8e --- /dev/null +++ b/scripts/check-konflux-pipelines.sh @@ -0,0 +1,21 @@ +#!/usr/bin/env bash + +# This script is to ensure that modifications to our Konflux pipelines follow our expectations and conventions. + +set -euo pipefail + +ensure_create_snapshot_runs_last() { + expected_runafter="$(yq '.spec.tasks[] | select(.name != "create-acs-style-snapshot") | .name ' .tekton/operator-bundle-pipeline.yaml | sort)" + actual_runafter="$(yq '.spec.tasks[] | select(.name == "create-acs-style-snapshot") | .runAfter[]' .tekton/operator-bundle-pipeline.yaml)" + + if [ "${expected_runafter}" != "${actual_runafter}" ]; then + echo >&2 -e """ + ERROR: + Ensure that all previous tasks in the operator-bundle pipeline are mentioned + in the runAfter parameter for the create-acs-style-snapshot task. + """ + exit 1 + fi +} + +ensure_create_snapshot_runs_last diff --git a/scripts/ci/jobs/check-konflux-pipelines.sh b/scripts/ci/jobs/check-konflux-pipelines.sh new file mode 100755 index 0000000000000..5f8c13a01dd57 --- /dev/null +++ b/scripts/ci/jobs/check-konflux-pipelines.sh @@ -0,0 +1,18 @@ +#!/usr/bin/env bash + +# This script is intended to be run in CI, and tells you whether modifications to +# Konflux pipelines follow our expectations and conventions. + +ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")"/../../.. && pwd)" +# shellcheck source=../../../scripts/ci/lib.sh +source "$ROOT/scripts/ci/lib.sh" + +set -euo pipefail + +check-konflux-pipelines() { + echo "Ensure that modifications to our Konflux pipelines follow our expectations and conventions" + + "$ROOT/scripts/check-konflux-pipelines.sh" +} + +check-konflux-pipelines From 6d9f48cb5bbec49eb040a89d8a6a5f0afbe939a3 Mon Sep 17 00:00:00 2001 From: Tom Martensen Date: Thu, 19 Dec 2024 15:52:55 +0100 Subject: [PATCH 50/92] debug where i am --- scripts/check-konflux-pipelines.sh | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/scripts/check-konflux-pipelines.sh b/scripts/check-konflux-pipelines.sh index 2d54dca48aa8e..55573a1edbf64 100755 --- a/scripts/check-konflux-pipelines.sh +++ b/scripts/check-konflux-pipelines.sh @@ -2,10 +2,12 @@ # This script is to ensure that modifications to our Konflux pipelines follow our expectations and conventions. -set -euo pipefail +set -exuo pipefail ensure_create_snapshot_runs_last() { - expected_runafter="$(yq '.spec.tasks[] | select(.name != "create-acs-style-snapshot") | .name ' .tekton/operator-bundle-pipeline.yaml | sort)" + pwd + ls -lisa + expected_runafter="$(yq '.spec.tasks[] | select(.name != "create-acs-style-snapshot") | .name' .tekton/operator-bundle-pipeline.yaml | sort)" actual_runafter="$(yq '.spec.tasks[] | select(.name == "create-acs-style-snapshot") | .runAfter[]' .tekton/operator-bundle-pipeline.yaml)" if [ "${expected_runafter}" != "${actual_runafter}" ]; then From 42c8117253642bf0c3d7befdcd06b81ecee7eb2f Mon Sep 17 00:00:00 2001 From: Tom Martensen Date: Thu, 19 Dec 2024 16:00:15 +0100 Subject: [PATCH 51/92] fix: yq *eval* --- scripts/check-konflux-pipelines.sh | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/scripts/check-konflux-pipelines.sh b/scripts/check-konflux-pipelines.sh index 55573a1edbf64..c3423fdc1f8e6 100755 --- a/scripts/check-konflux-pipelines.sh +++ b/scripts/check-konflux-pipelines.sh @@ -2,13 +2,11 @@ # This script is to ensure that modifications to our Konflux pipelines follow our expectations and conventions. -set -exuo pipefail +set -euo pipefail ensure_create_snapshot_runs_last() { - pwd - ls -lisa - expected_runafter="$(yq '.spec.tasks[] | select(.name != "create-acs-style-snapshot") | .name' .tekton/operator-bundle-pipeline.yaml | sort)" - actual_runafter="$(yq '.spec.tasks[] | select(.name == "create-acs-style-snapshot") | .runAfter[]' .tekton/operator-bundle-pipeline.yaml)" + expected_runafter="$(yq eval '.spec.tasks[] | select(.name != "create-acs-style-snapshot") | .name' .tekton/operator-bundle-pipeline.yaml | sort)" + actual_runafter="$(yq eval '.spec.tasks[] | select(.name == "create-acs-style-snapshot") | .runAfter[]' .tekton/operator-bundle-pipeline.yaml)" if [ "${expected_runafter}" != "${actual_runafter}" ]; then echo >&2 -e """ From 9c3bbbb39d43450ad7679b348ee1c17e7117d973 Mon Sep 17 00:00:00 2001 From: Tom Martensen Date: Fri, 20 Dec 2024 08:31:45 +0100 Subject: [PATCH 52/92] add namespace to the snapshot --- .konflux/scripts/render_snapshot.py | 4 ++++ .tekton/create-snapshot-task.yaml | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/.konflux/scripts/render_snapshot.py b/.konflux/scripts/render_snapshot.py index 2c9a8f6f63984..a5758e91beba1 100755 --- a/.konflux/scripts/render_snapshot.py +++ b/.konflux/scripts/render_snapshot.py @@ -31,6 +31,7 @@ def construct_snapshot( snapshot_name_prefix, snapshot_version_suffix, pipeline_run_name, + namespace, application, components ): @@ -41,6 +42,7 @@ def construct_snapshot( "kind": "Snapshot", "metadata": { "name": snapshot_name, + "namespace": namespace, "labels": { "appstudio.openshift.io/build-pipelinerun": pipeline_run_name } @@ -60,6 +62,7 @@ def determine_component_version_suffix(application): if __name__ == '__main__': application = os.environ["APPLICATION"] pipeline_run_name = os.environ["PIPELINE_RUN_NAME"] + namespace = os.environ["NAMESPACE"] image_refs = parse_image_refs(os.environ["IMAGE_REFS"]) main_image_tag = os.environ["MAIN_IMAGE_TAG"] name_suffix = determine_component_version_suffix(application) @@ -68,6 +71,7 @@ def determine_component_version_suffix(application): snapshot_name_prefix=application, snapshot_version_suffix=main_image_tag, pipeline_run_name=pipeline_run_name, + namespace=namespace, application=application, components=components ) diff --git a/.tekton/create-snapshot-task.yaml b/.tekton/create-snapshot-task.yaml index 426cd1593c612..fd172854bde08 100644 --- a/.tekton/create-snapshot-task.yaml +++ b/.tekton/create-snapshot-task.yaml @@ -39,6 +39,10 @@ spec: valueFrom: fieldRef: fieldPath: metadata.labels['appstudio.openshift.io/application'] + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace - name: PIPELINE_RUN_NAME valueFrom: fieldRef: From d9202fa536edc937e4795b8960af8627617b8559 Mon Sep 17 00:00:00 2001 From: Tom Martensen Date: Fri, 20 Dec 2024 08:56:07 +0100 Subject: [PATCH 53/92] validate component --- .konflux/scripts/render_snapshot.py | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/.konflux/scripts/render_snapshot.py b/.konflux/scripts/render_snapshot.py index a5758e91beba1..7f380285db717 100755 --- a/.konflux/scripts/render_snapshot.py +++ b/.konflux/scripts/render_snapshot.py @@ -3,18 +3,28 @@ import datetime import json import os -import time def parse_image_refs(image_refs): return json.loads(image_refs) +def validate_component(component): + assert ( + component["component"] != "" + or component["ref"] != "" + or component["revision"] != "" + or component["repository"] != "" + ), "Component must have component name, ref, revision and repository set. Check container image labels." + + def process_component(component, name_suffix): + validate_component(component) if name_suffix != "": name = f"{component['component']}-{name_suffix}" else: name = component["component"] + return { "containerImage": component["ref"], "name": name, From 65fa839e148d7ba263f35e426372633d8fc52a44 Mon Sep 17 00:00:00 2001 From: Tom Martensen Date: Fri, 20 Dec 2024 10:49:03 +0100 Subject: [PATCH 54/92] fix: no empty line at end of result --- .tekton/wait-for-image-task.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.tekton/wait-for-image-task.yaml b/.tekton/wait-for-image-task.yaml index d8d0a03dd992e..1bf937381da09 100644 --- a/.tekton/wait-for-image-task.yaml +++ b/.tekton/wait-for-image-task.yaml @@ -40,6 +40,6 @@ spec: --no-tags \ "docker://$(params.IMAGE)")" - cut -f1 -d' ' <<< "${infos}" | tee "$(results.IMAGE_DIGEST.path)" - cut -f2 -d' ' <<< "${infos}" | tee "$(results.GIT_REF.path)" - cut -f3 -d' ' <<< "${infos}" | tee "$(results.GIT_REPO.path)" + echo -n $(cut -f1 -d' ' <<< "${infos}") | tee "$(results.IMAGE_DIGEST.path)" + echo -n $(cut -f2 -d' ' <<< "${infos}") | tee "$(results.GIT_REF.path)" + echo -n $(cut -f3 -d' ' <<< "${infos}") | tee "$(results.GIT_REPO.path)" From c87fd5fc0f26269f5791755e6a9832aa19369f65 Mon Sep 17 00:00:00 2001 From: Tom Martensen Date: Fri, 20 Dec 2024 10:59:49 +0100 Subject: [PATCH 55/92] or->and --- .konflux/scripts/render_snapshot.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.konflux/scripts/render_snapshot.py b/.konflux/scripts/render_snapshot.py index 7f380285db717..93f2705c4ab26 100755 --- a/.konflux/scripts/render_snapshot.py +++ b/.konflux/scripts/render_snapshot.py @@ -12,9 +12,9 @@ def parse_image_refs(image_refs): def validate_component(component): assert ( component["component"] != "" - or component["ref"] != "" - or component["revision"] != "" - or component["repository"] != "" + and component["ref"] != "" + and component["revision"] != "" + and component["repository"] != "" ), "Component must have component name, ref, revision and repository set. Check container image labels." From a10584c9626485c342a550a482ebe19ddc0b848c Mon Sep 17 00:00:00 2001 From: Tom Martensen Date: Fri, 20 Dec 2024 11:36:00 +0100 Subject: [PATCH 56/92] apply suggestions from code review to the style job --- scripts/check-konflux-pipelines.sh | 21 ---------------- scripts/ci/jobs/check-konflux-pipelines.sh | 29 ++++++++++++++-------- 2 files changed, 19 insertions(+), 31 deletions(-) delete mode 100755 scripts/check-konflux-pipelines.sh diff --git a/scripts/check-konflux-pipelines.sh b/scripts/check-konflux-pipelines.sh deleted file mode 100755 index c3423fdc1f8e6..0000000000000 --- a/scripts/check-konflux-pipelines.sh +++ /dev/null @@ -1,21 +0,0 @@ -#!/usr/bin/env bash - -# This script is to ensure that modifications to our Konflux pipelines follow our expectations and conventions. - -set -euo pipefail - -ensure_create_snapshot_runs_last() { - expected_runafter="$(yq eval '.spec.tasks[] | select(.name != "create-acs-style-snapshot") | .name' .tekton/operator-bundle-pipeline.yaml | sort)" - actual_runafter="$(yq eval '.spec.tasks[] | select(.name == "create-acs-style-snapshot") | .runAfter[]' .tekton/operator-bundle-pipeline.yaml)" - - if [ "${expected_runafter}" != "${actual_runafter}" ]; then - echo >&2 -e """ - ERROR: - Ensure that all previous tasks in the operator-bundle pipeline are mentioned - in the runAfter parameter for the create-acs-style-snapshot task. - """ - exit 1 - fi -} - -ensure_create_snapshot_runs_last diff --git a/scripts/ci/jobs/check-konflux-pipelines.sh b/scripts/ci/jobs/check-konflux-pipelines.sh index 5f8c13a01dd57..376b9996da91f 100755 --- a/scripts/ci/jobs/check-konflux-pipelines.sh +++ b/scripts/ci/jobs/check-konflux-pipelines.sh @@ -1,18 +1,27 @@ #!/usr/bin/env bash -# This script is intended to be run in CI, and tells you whether modifications to -# Konflux pipelines follow our expectations and conventions. - -ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")"/../../.. && pwd)" -# shellcheck source=../../../scripts/ci/lib.sh -source "$ROOT/scripts/ci/lib.sh" +# This script is to ensure that modifications to our Konflux pipelines follow our expectations and conventions. +# This script is intended to be run in CI set -euo pipefail -check-konflux-pipelines() { - echo "Ensure that modifications to our Konflux pipelines follow our expectations and conventions" +ensure_create_snapshot_runs_last() { + expected_runafter="$(yq eval '.spec.tasks[] | select(.name != "create-acs-style-snapshot") | .name' .tekton/operator-bundle-pipeline.yaml | sort)" + actual_runafter="$(yq eval '.spec.tasks[] | select(.name == "create-acs-style-snapshot") | .runAfter[]' .tekton/operator-bundle-pipeline.yaml)" + + if ! DIFF=$(diff <(echo "${expected_runafter}") <(echo "${actual_runafter}")); then + echo >&2 -e """ + ERROR: + Ensure that all previous tasks in the operator-bundle pipeline are mentioned + in the runAfter parameter for the create-acs-style-snapshot task. + + This is what is different: - "$ROOT/scripts/check-konflux-pipelines.sh" + $DIFF + """ + exit 1 + fi } -check-konflux-pipelines +echo "Ensure that modifications to our Konflux pipelines follow our expectations and conventions" +ensure_create_snapshot_runs_last From 656c9704be6079739c1aac43e0c5dc717e0dc324 Mon Sep 17 00:00:00 2001 From: Tom Martensen Date: Fri, 20 Dec 2024 13:50:24 +0100 Subject: [PATCH 57/92] full speed ahead --- .tekton/operator-bundle-pipeline.yaml | 735 ++++++++++++-------------- 1 file changed, 334 insertions(+), 401 deletions(-) diff --git a/.tekton/operator-bundle-pipeline.yaml b/.tekton/operator-bundle-pipeline.yaml index 13e781d4b5fe9..f0ed10fdee2f5 100644 --- a/.tekton/operator-bundle-pipeline.yaml +++ b/.tekton/operator-bundle-pipeline.yaml @@ -336,86 +336,86 @@ spec: - name: git-basic-auth workspace: git-auth - - name: wait-for-operator-image - params: - - name: IMAGE - value: "$(params.operator-image-build-repo):$(tasks.determine-operator-image-tag.results.IMAGE_TAG)" - taskRef: - name: wait-for-image - # This timeout must be the same as the pipeline timeout in `operator-build.yaml`. - timeout: 1h10m - - - name: wait-for-main-image - params: - - name: IMAGE - value: "$(params.main-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" - taskRef: - name: wait-for-image - # This timeout must be the same as the pipeline timeout in `main-build.yaml`. - timeout: 2h40m - - - name: wait-for-scanner-image - params: - - name: IMAGE - value: "$(params.scanner-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" - taskRef: - name: wait-for-image - # This timeout must be the same as the pipeline timeout in `scanner-retag.yaml` - timeout: 40m - - - name: wait-for-scanner-db-image - params: - - name: IMAGE - value: "$(params.scanner-db-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" - taskRef: - name: wait-for-image - # This timeout must be the same as the pipeline timeout in `scanner-db-retag.yaml` - timeout: 40m - - - name: wait-for-scanner-slim-image - params: - - name: IMAGE - value: "$(params.scanner-slim-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" - taskRef: - name: wait-for-image - # This timeout must be the same as the pipeline timeout in `scanner-slim-retag.yaml` - timeout: 40m - - - name: wait-for-scanner-db-slim-image - params: - - name: IMAGE - value: "$(params.scanner-db-slim-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" - taskRef: - name: wait-for-image - # This timeout must be the same as the pipeline timeout in `scanner-db-slim-retag.yaml` - timeout: 40m - - - name: wait-for-scanner-v4-image - params: - - name: IMAGE - value: "$(params.scanner-v4-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" - taskRef: - name: wait-for-image - # This timeout must be the same as the pipeline timeout in `scanner-v4-build.yaml`. - timeout: 1h10m - - - name: wait-for-scanner-v4-db-image - params: - - name: IMAGE - value: "$(params.scanner-v4-db-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" - taskRef: - name: wait-for-image - # This timeout must be the same as the pipeline timeout in `scanner-v4-db-build.yaml`. - timeout: 1h10m - - - name: wait-for-collector-slim-image - params: - - name: IMAGE - value: "$(params.collector-slim-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" - taskRef: - name: wait-for-image - # The timeout must be the same as the pipeline timeout in `collector-slim-retag.yaml` - timeout: 40m + # - name: wait-for-operator-image + # params: + # - name: IMAGE + # value: "$(params.operator-image-build-repo):$(tasks.determine-operator-image-tag.results.IMAGE_TAG)" + # taskRef: + # name: wait-for-image + # # This timeout must be the same as the pipeline timeout in `operator-build.yaml`. + # timeout: 1h10m + + # - name: wait-for-main-image + # params: + # - name: IMAGE + # value: "$(params.main-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" + # taskRef: + # name: wait-for-image + # # This timeout must be the same as the pipeline timeout in `main-build.yaml`. + # timeout: 2h40m + + # - name: wait-for-scanner-image + # params: + # - name: IMAGE + # value: "$(params.scanner-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" + # taskRef: + # name: wait-for-image + # # This timeout must be the same as the pipeline timeout in `scanner-retag.yaml` + # timeout: 40m + + # - name: wait-for-scanner-db-image + # params: + # - name: IMAGE + # value: "$(params.scanner-db-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" + # taskRef: + # name: wait-for-image + # # This timeout must be the same as the pipeline timeout in `scanner-db-retag.yaml` + # timeout: 40m + + # - name: wait-for-scanner-slim-image + # params: + # - name: IMAGE + # value: "$(params.scanner-slim-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" + # taskRef: + # name: wait-for-image + # # This timeout must be the same as the pipeline timeout in `scanner-slim-retag.yaml` + # timeout: 40m + + # - name: wait-for-scanner-db-slim-image + # params: + # - name: IMAGE + # value: "$(params.scanner-db-slim-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" + # taskRef: + # name: wait-for-image + # # This timeout must be the same as the pipeline timeout in `scanner-db-slim-retag.yaml` + # timeout: 40m + + # - name: wait-for-scanner-v4-image + # params: + # - name: IMAGE + # value: "$(params.scanner-v4-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" + # taskRef: + # name: wait-for-image + # # This timeout must be the same as the pipeline timeout in `scanner-v4-build.yaml`. + # timeout: 1h10m + + # - name: wait-for-scanner-v4-db-image + # params: + # - name: IMAGE + # value: "$(params.scanner-v4-db-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" + # taskRef: + # name: wait-for-image + # # This timeout must be the same as the pipeline timeout in `scanner-v4-db-build.yaml`. + # timeout: 1h10m + + # - name: wait-for-collector-slim-image + # params: + # - name: IMAGE + # value: "$(params.collector-slim-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" + # taskRef: + # name: wait-for-image + # # The timeout must be the same as the pipeline timeout in `collector-slim-retag.yaml` + # timeout: 40m - name: wait-for-collector-full-image params: @@ -426,350 +426,283 @@ spec: # The timeout must be the same as the pipeline timeout in `collector-full-retag.yaml` timeout: 40m - - name: wait-for-roxctl-image - params: - - name: IMAGE - value: "$(params.roxctl-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" - taskRef: - name: wait-for-image - # This timeout must be the same as the pipeline timeout in `roxctl-build.yaml`. - timeout: 1h10m - - - name: wait-for-central-db-image - params: - - name: IMAGE - value: "$(params.central-db-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" - taskRef: - name: wait-for-image - # This timeout must be the same as the pipeline timeout in `central-db-build.yaml`. - timeout: 1h40m - - - name: build-container - params: - - name: IMAGE - # Note the operator bundle tag is prefixed with "v". - value: $(params.output-image-repo):v$(tasks.determine-operator-image-tag.results.IMAGE_TAG) - - name: DOCKERFILE - value: $(params.dockerfile) - - name: CONTEXT - value: $(params.path-context) - - name: HERMETIC - value: $(params.hermetic) - - name: PREFETCH_INPUT - value: $(params.prefetch-input) - - name: IMAGE_EXPIRES_AFTER - value: $(params.image-expires-after) - - name: COMMIT_SHA - value: $(tasks.clone-repository.results.commit) - - name: BUILD_ARGS - value: - - OPERATOR_IMAGE_TAG=$(tasks.determine-operator-image-tag.results.IMAGE_TAG) - - OPERATOR_IMAGE_REF=$(params.operator-image-catalog-repo)@$(tasks.wait-for-operator-image.results.IMAGE_DIGEST) - - RELATED_IMAGE_MAIN=$(params.main-image-catalog-repo)@$(tasks.wait-for-main-image.results.IMAGE_DIGEST) - - RELATED_IMAGE_SCANNER=$(params.scanner-image-catalog-repo)@$(tasks.wait-for-scanner-image.results.IMAGE_DIGEST) - - RELATED_IMAGE_SCANNER_DB=$(params.scanner-db-image-catalog-repo)@$(tasks.wait-for-scanner-db-image.results.IMAGE_DIGEST) - - RELATED_IMAGE_SCANNER_SLIM=$(params.scanner-slim-image-catalog-repo)@$(tasks.wait-for-scanner-slim-image.results.IMAGE_DIGEST) - - RELATED_IMAGE_SCANNER_DB_SLIM=$(params.scanner-db-slim-image-catalog-repo)@$(tasks.wait-for-scanner-db-slim-image.results.IMAGE_DIGEST) - - RELATED_IMAGE_SCANNER_V4=$(params.scanner-v4-image-catalog-repo)@$(tasks.wait-for-scanner-v4-image.results.IMAGE_DIGEST) - - RELATED_IMAGE_SCANNER_V4_DB=$(params.scanner-v4-db-image-catalog-repo)@$(tasks.wait-for-scanner-v4-db-image.results.IMAGE_DIGEST) - - RELATED_IMAGE_COLLECTOR_SLIM=$(params.collector-slim-image-catalog-repo)@$(tasks.wait-for-collector-slim-image.results.IMAGE_DIGEST) - - RELATED_IMAGE_COLLECTOR_FULL=$(params.collector-full-image-catalog-repo)@$(tasks.wait-for-collector-full-image.results.IMAGE_DIGEST) - - RELATED_IMAGE_ROXCTL=$(params.roxctl-image-catalog-repo)@$(tasks.wait-for-roxctl-image.results.IMAGE_DIGEST) - - RELATED_IMAGE_CENTRAL_DB=$(params.central-db-image-catalog-repo)@$(tasks.wait-for-central-db-image.results.IMAGE_DIGEST) - - name: SOURCE_ARTIFACT - value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - - name: CACHI2_ARTIFACT - value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) - taskRef: - params: - - name: name - value: buildah-oci-ta - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-buildah-oci-ta:0.2@sha256:ea5f13f235f98e9f0da599439f0b62b729901a5b6ad8d673daf3821f3f9cb66f - - name: kind - value: task - resolver: bundles - when: - - input: $(tasks.init.results.build) - operator: in - values: [ "true" ] - - - name: apply-tags - params: - - name: IMAGE - value: $(tasks.build-container.results.IMAGE_URL) - - name: ADDITIONAL_TAGS - value: - - konflux-$(params.revision) - taskRef: - params: - - name: name - value: apply-tags - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.1@sha256:87fd7fc0e937aad1a8db9b6e377d7e444f53394dafde512d68adbea6966a4702 - - name: kind - value: task - resolver: bundles - - - name: build-source-image - params: - - name: BINARY_IMAGE - value: $(tasks.build-container.results.IMAGE_URL) - - name: SOURCE_ARTIFACT - value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - - name: CACHI2_ARTIFACT - value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) - taskRef: - params: - - name: name - value: source-build-oci-ta - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.1@sha256:bd786bc1d33391bb169f98a1070d1a39e410b835f05fd0db0263754c65bd9bea - - name: kind - value: task - resolver: bundles - when: - - input: $(tasks.init.results.build) - operator: in - values: [ "true" ] - - input: $(params.build-source-image) - operator: in - values: [ "true" ] - - - name: deprecated-base-image-check - params: - - name: IMAGE_URL - value: $(tasks.build-container.results.IMAGE_URL) - - name: IMAGE_DIGEST - value: $(tasks.build-container.results.IMAGE_DIGEST) - taskRef: - params: - - name: name - value: deprecated-image-check - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.4@sha256:5a1a165fa02270f0a947d8a2131ee9d8be0b8e9d34123828c2bef589e504ee84 - - name: kind - value: task - resolver: bundles - when: - - input: $(params.skip-checks) - operator: in - values: [ "false" ] - - - name: clair-scan - params: - - name: image-digest - value: $(tasks.build-container.results.IMAGE_DIGEST) - - name: image-url - value: $(tasks.build-container.results.IMAGE_URL) - taskRef: - params: - - name: name - value: clair-scan - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.2@sha256:0a5421111e7092740398691d5bd7c125cc0896f29531d19414bb5724ae41692a - - name: kind - value: task - resolver: bundles - when: - - input: $(params.skip-checks) - operator: in - values: [ "false" ] - - - name: sast-snyk-check - params: - - name: SOURCE_ARTIFACT - value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - - name: CACHI2_ARTIFACT - value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) - - name: image-digest - value: $(tasks.build-container.results.IMAGE_DIGEST) - - name: image-url - value: $(tasks.build-container.results.IMAGE_URL) - taskRef: - params: - - name: name - value: sast-snyk-check-oci-ta - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.3@sha256:65a213322ea7c64159e37071d369d74b6378b23403150e29537865cada90f022 - - name: kind - value: task - resolver: bundles - when: - - input: $(params.skip-checks) - operator: in - values: [ "false" ] - - - name: clamav-scan - params: - - name: image-digest - value: $(tasks.build-container.results.IMAGE_DIGEST) - - name: image-url - value: $(tasks.build-container.results.IMAGE_URL) - taskRef: - params: - - name: name - value: clamav-scan - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.1@sha256:b4f450f1447b166da671f1d5819ab5a1485083e5c27ab91f7d8b7a2ff994c8c2 - - name: kind - value: task - resolver: bundles - when: - - input: $(params.skip-checks) - operator: in - values: [ "false" ] - - - name: rpms-signature-scan - params: - - name: image-digest - value: $(tasks.build-container.results.IMAGE_DIGEST) - - name: image-url - value: $(tasks.build-container.results.IMAGE_URL) - taskRef: - params: - - name: name - value: rpms-signature-scan - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:28aaf87d61078a0aeeeabcae455eda7d05c4f9b81d8995bdcf3dde95c1a7a77b - - name: kind - value: task - resolver: bundles - when: - - input: $(params.skip-checks) - operator: in - values: ["false"] - - - name: push-dockerfile - params: - - name: IMAGE - value: $(tasks.build-container.results.IMAGE_URL) - - name: IMAGE_DIGEST - value: $(tasks.build-container.results.IMAGE_DIGEST) - - name: DOCKERFILE - value: $(params.dockerfile) - - name: CONTEXT - value: $(params.path-context) - - name: SOURCE_ARTIFACT - value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - taskRef: - params: - - name: name - value: push-dockerfile-oci-ta - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.1@sha256:80d48a1b9d2707490309941ec9f79338533938f959ca9a207b481b0e8a5e7a93 - - name: kind - value: task - resolver: bundles + # - name: wait-for-roxctl-image + # params: + # - name: IMAGE + # value: "$(params.roxctl-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" + # taskRef: + # name: wait-for-image + # # This timeout must be the same as the pipeline timeout in `roxctl-build.yaml`. + # timeout: 1h10m + + # - name: wait-for-central-db-image + # params: + # - name: IMAGE + # value: "$(params.central-db-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" + # taskRef: + # name: wait-for-image + # # This timeout must be the same as the pipeline timeout in `central-db-build.yaml`. + # timeout: 1h40m + + # - name: build-container + # params: + # - name: IMAGE + # # Note the operator bundle tag is prefixed with "v". + # value: $(params.output-image-repo):v$(tasks.determine-operator-image-tag.results.IMAGE_TAG) + # - name: DOCKERFILE + # value: $(params.dockerfile) + # - name: CONTEXT + # value: $(params.path-context) + # - name: HERMETIC + # value: $(params.hermetic) + # - name: PREFETCH_INPUT + # value: $(params.prefetch-input) + # - name: IMAGE_EXPIRES_AFTER + # value: $(params.image-expires-after) + # - name: COMMIT_SHA + # value: $(tasks.clone-repository.results.commit) + # - name: BUILD_ARGS + # value: + # - OPERATOR_IMAGE_TAG=$(tasks.determine-operator-image-tag.results.IMAGE_TAG) + # - OPERATOR_IMAGE_REF=$(params.operator-image-catalog-repo)@$(tasks.wait-for-operator-image.results.IMAGE_DIGEST) + # - RELATED_IMAGE_MAIN=$(params.main-image-catalog-repo)@$(tasks.wait-for-main-image.results.IMAGE_DIGEST) + # - RELATED_IMAGE_SCANNER=$(params.scanner-image-catalog-repo)@$(tasks.wait-for-scanner-image.results.IMAGE_DIGEST) + # - RELATED_IMAGE_SCANNER_DB=$(params.scanner-db-image-catalog-repo)@$(tasks.wait-for-scanner-db-image.results.IMAGE_DIGEST) + # - RELATED_IMAGE_SCANNER_SLIM=$(params.scanner-slim-image-catalog-repo)@$(tasks.wait-for-scanner-slim-image.results.IMAGE_DIGEST) + # - RELATED_IMAGE_SCANNER_DB_SLIM=$(params.scanner-db-slim-image-catalog-repo)@$(tasks.wait-for-scanner-db-slim-image.results.IMAGE_DIGEST) + # - RELATED_IMAGE_SCANNER_V4=$(params.scanner-v4-image-catalog-repo)@$(tasks.wait-for-scanner-v4-image.results.IMAGE_DIGEST) + # - RELATED_IMAGE_SCANNER_V4_DB=$(params.scanner-v4-db-image-catalog-repo)@$(tasks.wait-for-scanner-v4-db-image.results.IMAGE_DIGEST) + # - RELATED_IMAGE_COLLECTOR_SLIM=$(params.collector-slim-image-catalog-repo)@$(tasks.wait-for-collector-slim-image.results.IMAGE_DIGEST) + # - RELATED_IMAGE_COLLECTOR_FULL=$(params.collector-full-image-catalog-repo)@$(tasks.wait-for-collector-full-image.results.IMAGE_DIGEST) + # - RELATED_IMAGE_ROXCTL=$(params.roxctl-image-catalog-repo)@$(tasks.wait-for-roxctl-image.results.IMAGE_DIGEST) + # - RELATED_IMAGE_CENTRAL_DB=$(params.central-db-image-catalog-repo)@$(tasks.wait-for-central-db-image.results.IMAGE_DIGEST) + # - name: SOURCE_ARTIFACT + # value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + # - name: CACHI2_ARTIFACT + # value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) + # taskRef: + # params: + # - name: name + # value: buildah-oci-ta + # - name: bundle + # value: quay.io/konflux-ci/tekton-catalog/task-buildah-oci-ta:0.2@sha256:ea5f13f235f98e9f0da599439f0b62b729901a5b6ad8d673daf3821f3f9cb66f + # - name: kind + # value: task + # resolver: bundles + # when: + # - input: $(tasks.init.results.build) + # operator: in + # values: [ "true" ] + + # - name: apply-tags + # params: + # - name: IMAGE + # value: $(tasks.build-container.results.IMAGE_URL) + # - name: ADDITIONAL_TAGS + # value: + # - konflux-$(params.revision) + # taskRef: + # params: + # - name: name + # value: apply-tags + # - name: bundle + # value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.1@sha256:87fd7fc0e937aad1a8db9b6e377d7e444f53394dafde512d68adbea6966a4702 + # - name: kind + # value: task + # resolver: bundles + + # - name: build-source-image + # params: + # - name: BINARY_IMAGE + # value: $(tasks.build-container.results.IMAGE_URL) + # - name: SOURCE_ARTIFACT + # value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + # - name: CACHI2_ARTIFACT + # value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) + # taskRef: + # params: + # - name: name + # value: source-build-oci-ta + # - name: bundle + # value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.1@sha256:bd786bc1d33391bb169f98a1070d1a39e410b835f05fd0db0263754c65bd9bea + # - name: kind + # value: task + # resolver: bundles + # when: + # - input: $(tasks.init.results.build) + # operator: in + # values: [ "true" ] + # - input: $(params.build-source-image) + # operator: in + # values: [ "true" ] + + # - name: deprecated-base-image-check + # params: + # - name: IMAGE_URL + # value: $(tasks.build-container.results.IMAGE_URL) + # - name: IMAGE_DIGEST + # value: $(tasks.build-container.results.IMAGE_DIGEST) + # taskRef: + # params: + # - name: name + # value: deprecated-image-check + # - name: bundle + # value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.4@sha256:5a1a165fa02270f0a947d8a2131ee9d8be0b8e9d34123828c2bef589e504ee84 + # - name: kind + # value: task + # resolver: bundles + # when: + # - input: $(params.skip-checks) + # operator: in + # values: [ "false" ] + + # - name: clair-scan + # params: + # - name: image-digest + # value: $(tasks.build-container.results.IMAGE_DIGEST) + # - name: image-url + # value: $(tasks.build-container.results.IMAGE_URL) + # taskRef: + # params: + # - name: name + # value: clair-scan + # - name: bundle + # value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.2@sha256:0a5421111e7092740398691d5bd7c125cc0896f29531d19414bb5724ae41692a + # - name: kind + # value: task + # resolver: bundles + # when: + # - input: $(params.skip-checks) + # operator: in + # values: [ "false" ] + + # - name: sast-snyk-check + # params: + # - name: SOURCE_ARTIFACT + # value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + # - name: CACHI2_ARTIFACT + # value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) + # - name: image-digest + # value: $(tasks.build-container.results.IMAGE_DIGEST) + # - name: image-url + # value: $(tasks.build-container.results.IMAGE_URL) + # taskRef: + # params: + # - name: name + # value: sast-snyk-check-oci-ta + # - name: bundle + # value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.3@sha256:65a213322ea7c64159e37071d369d74b6378b23403150e29537865cada90f022 + # - name: kind + # value: task + # resolver: bundles + # when: + # - input: $(params.skip-checks) + # operator: in + # values: [ "false" ] + + # - name: clamav-scan + # params: + # - name: image-digest + # value: $(tasks.build-container.results.IMAGE_DIGEST) + # - name: image-url + # value: $(tasks.build-container.results.IMAGE_URL) + # taskRef: + # params: + # - name: name + # value: clamav-scan + # - name: bundle + # value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.1@sha256:b4f450f1447b166da671f1d5819ab5a1485083e5c27ab91f7d8b7a2ff994c8c2 + # - name: kind + # value: task + # resolver: bundles + # when: + # - input: $(params.skip-checks) + # operator: in + # values: [ "false" ] + + # - name: rpms-signature-scan + # params: + # - name: image-digest + # value: $(tasks.build-container.results.IMAGE_DIGEST) + # - name: image-url + # value: $(tasks.build-container.results.IMAGE_URL) + # taskRef: + # params: + # - name: name + # value: rpms-signature-scan + # - name: bundle + # value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:28aaf87d61078a0aeeeabcae455eda7d05c4f9b81d8995bdcf3dde95c1a7a77b + # - name: kind + # value: task + # resolver: bundles + # when: + # - input: $(params.skip-checks) + # operator: in + # values: ["false"] + + # - name: push-dockerfile + # params: + # - name: IMAGE + # value: $(tasks.build-container.results.IMAGE_URL) + # - name: IMAGE_DIGEST + # value: $(tasks.build-container.results.IMAGE_DIGEST) + # - name: DOCKERFILE + # value: $(params.dockerfile) + # - name: CONTEXT + # value: $(params.path-context) + # - name: SOURCE_ARTIFACT + # value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + # taskRef: + # params: + # - name: name + # value: push-dockerfile-oci-ta + # - name: bundle + # value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.1@sha256:80d48a1b9d2707490309941ec9f79338533938f959ca9a207b481b0e8a5e7a93 + # - name: kind + # value: task + # resolver: bundles - name: create-acs-style-snapshot # Explicitly running after all other tasks to ensure that # - there are no failures that should prevent a release of the operator-bundle image (missing RPMs signatures, deprecated base images, ...) # - the source image is present as it is required by EC runAfter: - - apply-tags - - build-container - - build-source-image - - clair-scan - - clamav-scan + # - apply-tags + # - build-container + # - build-source-image + # - clair-scan + # - clamav-scan - clone-repository - - deprecated-base-image-check + # - deprecated-base-image-check - determine-main-image-tag - determine-operator-image-tag - init - prefetch-dependencies - - push-dockerfile - - rpms-signature-scan - - sast-snyk-check - - wait-for-central-db-image + # - push-dockerfile + # - rpms-signature-scan + # - sast-snyk-check - wait-for-collector-full-image - - wait-for-collector-slim-image - - wait-for-main-image - - wait-for-operator-image - - wait-for-roxctl-image - - wait-for-scanner-db-image - - wait-for-scanner-db-slim-image - - wait-for-scanner-image - - wait-for-scanner-slim-image - - wait-for-scanner-v4-db-image - - wait-for-scanner-v4-image + # - wait-for-collector-slim-image + # - wait-for-main-image + # - wait-for-operator-image + # - wait-for-roxctl-image + # - wait-for-scanner-db-image + # - wait-for-scanner-db-slim-image + # - wait-for-scanner-image + # - wait-for-scanner-slim-image + # - wait-for-scanner-v4-db-image + # - wait-for-scanner-v4-image params: - name: SOURCE_ARTIFACT value: $(tasks.clone-repository.results.SOURCE_ARTIFACT) - name: IMAGE_REFS value: | [ - { - "component": "central-db", - "ref": "$(params.central-db-image-build-repo)@$(tasks.wait-for-central-db-image.results.IMAGE_DIGEST)", - "repository": "$(params.git-url)", - "revision": "$(params.revision)" - }, { "component": "collector", "ref": "$(params.collector-full-image-build-repo)@$(tasks.wait-for-collector-full-image.results.IMAGE_DIGEST)", "repository": "$(tasks.wait-for-collector-full-image.results.GIT_REPO)", "revision": "$(tasks.wait-for-collector-full-image.results.GIT_REF)" - }, - { - "component": "main", - "ref": "$(params.main-image-build-repo)@$(tasks.wait-for-main-image.results.IMAGE_DIGEST)", - "repository": "$(params.git-url)", - "revision": "$(params.revision)" - }, - { - "component": "operator", - "ref": "$(params.operator-image-build-repo)@$(tasks.wait-for-operator-image.results.IMAGE_DIGEST)", - "repository": "$(params.git-url)", - "revision": "$(params.revision)" - }, - { - "component": "operator-bundle", - "ref": "$(params.output-image-repo)@$(tasks.build-container.results.IMAGE_DIGEST)", - "repository": "$(params.git-url)", - "revision": "$(params.revision)" - }, - { - "component": "roxctl", - "ref": "$(params.roxctl-image-build-repo)@$(tasks.wait-for-roxctl-image.results.IMAGE_DIGEST)", - "repository": "$(params.git-url)", - "revision": "$(params.revision)" - }, - { - "component": "scanner", - "ref": "$(params.scanner-image-build-repo)@$(tasks.wait-for-scanner-image.results.IMAGE_DIGEST)", - "repository": "$(tasks.wait-for-scanner-image.results.GIT_REPO)", - "revision": "$(tasks.wait-for-scanner-image.results.GIT_REF)" - }, - { - "component": "scanner-db", - "ref": "$(params.scanner-db-image-build-repo)@$(tasks.wait-for-scanner-db-image.results.IMAGE_DIGEST)", - "repository": "$(tasks.wait-for-scanner-db-image.results.GIT_REPO)", - "revision": "$(tasks.wait-for-scanner-db-image.results.GIT_REF)" - }, - { - "component": "scanner-db-slim", - "ref": "$(params.scanner-db-slim-image-build-repo)@$(tasks.wait-for-scanner-db-slim-image.results.IMAGE_DIGEST)", - "repository": "$(tasks.wait-for-scanner-db-slim-image.results.GIT_REPO)", - "revision": "$(tasks.wait-for-scanner-db-slim-image.results.GIT_REF)" - }, - { - "component": "scanner-slim", - "ref": "$(params.scanner-slim-image-build-repo)@$(tasks.wait-for-scanner-slim-image.results.IMAGE_DIGEST)", - "repository": "$(tasks.wait-for-scanner-slim-image.results.GIT_REPO)", - "revision": "$(tasks.wait-for-scanner-slim-image.results.GIT_REF)" - }, - { - "component": "scanner-v4", - "ref": "$(params.scanner-v4-image-build-repo)@$(tasks.wait-for-scanner-v4-image.results.IMAGE_DIGEST)", - "repository": "$(params.git-url)", - "revision": "$(params.revision)" - }, - { - "component": "scanner-v4-db", - "ref": "$(params.scanner-v4-db-image-build-repo)@$(tasks.wait-for-scanner-v4-db-image.results.IMAGE_DIGEST)", - "repository": "$(params.git-url)", - "revision": "$(params.revision)" } ] - name: MAIN_IMAGE_TAG From 65ab0d7b2f91581673a5ab0d80b385044c472f5e Mon Sep 17 00:00:00 2001 From: Tom Martensen Date: Fri, 20 Dec 2024 14:03:28 +0100 Subject: [PATCH 58/92] rename and fix speed --- .konflux/scripts/render_snapshot.py | 8 ++--- .tekton/operator-bundle-pipeline.yaml | 48 +++++++++++++-------------- 2 files changed, 28 insertions(+), 28 deletions(-) diff --git a/.konflux/scripts/render_snapshot.py b/.konflux/scripts/render_snapshot.py index 93f2705c4ab26..96dfc1a9ff1fd 100755 --- a/.konflux/scripts/render_snapshot.py +++ b/.konflux/scripts/render_snapshot.py @@ -11,8 +11,8 @@ def parse_image_refs(image_refs): def validate_component(component): assert ( - component["component"] != "" - and component["ref"] != "" + component["name"] != "" + and component["containerImage"] != "" and component["revision"] != "" and component["repository"] != "" ), "Component must have component name, ref, revision and repository set. Check container image labels." @@ -23,10 +23,10 @@ def process_component(component, name_suffix): if name_suffix != "": name = f"{component['component']}-{name_suffix}" else: - name = component["component"] + name = component["name"] return { - "containerImage": component["ref"], + "containerImage": component["containerImage"], "name": name, "source": { "git": { diff --git a/.tekton/operator-bundle-pipeline.yaml b/.tekton/operator-bundle-pipeline.yaml index f0ed10fdee2f5..d890e25fb6887 100644 --- a/.tekton/operator-bundle-pipeline.yaml +++ b/.tekton/operator-bundle-pipeline.yaml @@ -26,19 +26,19 @@ spec: value: task resolver: bundles - - name: show-sbom - params: - - name: IMAGE_URL - value: $(tasks.build-container.results.IMAGE_URL) - taskRef: - params: - - name: name - value: show-sbom - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1@sha256:945a7c9066d3e0a95d3fddb7e8a6992e4d632a2a75d8f3a9bd2ff2fef0ec9aa0 - - name: kind - value: task - resolver: bundles + # - name: show-sbom + # params: + # - name: IMAGE_URL + # value: $(tasks.build-container.results.IMAGE_URL) + # taskRef: + # params: + # - name: name + # value: show-sbom + # - name: bundle + # value: quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1@sha256:945a7c9066d3e0a95d3fddb7e8a6992e4d632a2a75d8f3a9bd2ff2fef0ec9aa0 + # - name: kind + # value: task + # resolver: bundles params: - description: Source Repository URL @@ -215,21 +215,21 @@ spec: default: "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8" results: - - description: "" - name: IMAGE_URL - value: $(tasks.build-container.results.IMAGE_URL) - - description: "" - name: IMAGE_DIGEST - value: $(tasks.build-container.results.IMAGE_DIGEST) + # - description: "" + # name: IMAGE_URL + # value: $(tasks.build-container.results.IMAGE_URL) + # - description: "" + # name: IMAGE_DIGEST + # value: $(tasks.build-container.results.IMAGE_DIGEST) - description: "" name: CHAINS-GIT_URL value: $(tasks.clone-repository.results.url) - description: "" name: CHAINS-GIT_COMMIT value: $(tasks.clone-repository.results.commit) - - description: "" - name: JAVA_COMMUNITY_DEPENDENCIES - value: $(tasks.build-container.results.JAVA_COMMUNITY_DEPENDENCIES) + # - description: "" + # name: JAVA_COMMUNITY_DEPENDENCIES + # value: $(tasks.build-container.results.JAVA_COMMUNITY_DEPENDENCIES) - description: "" name: SNAPSHOT_NAME value: $(tasks.create-acs-style-snapshot.results.SNAPSHOT_NAME) @@ -699,8 +699,8 @@ spec: value: | [ { - "component": "collector", - "ref": "$(params.collector-full-image-build-repo)@$(tasks.wait-for-collector-full-image.results.IMAGE_DIGEST)", + "name": "collector", + "containerImage": "$(params.collector-full-image-build-repo)@$(tasks.wait-for-collector-full-image.results.IMAGE_DIGEST)", "repository": "$(tasks.wait-for-collector-full-image.results.GIT_REPO)", "revision": "$(tasks.wait-for-collector-full-image.results.GIT_REF)" } From dd4262a310239a6f2cceded46d0cf48386d2b7fc Mon Sep 17 00:00:00 2001 From: Tom Martensen Date: Fri, 20 Dec 2024 14:19:27 +0100 Subject: [PATCH 59/92] fix UTC --- .konflux/scripts/render_snapshot.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.konflux/scripts/render_snapshot.py b/.konflux/scripts/render_snapshot.py index 96dfc1a9ff1fd..4382e0be887ed 100755 --- a/.konflux/scripts/render_snapshot.py +++ b/.konflux/scripts/render_snapshot.py @@ -45,7 +45,7 @@ def construct_snapshot( application, components ): - timestamp = datetime.datetime.now(datetime.UTC).strftime("%Y%m%dT%H%M%SZ") + timestamp = datetime.datetime.now(datetime.timezone.utc).strftime("%Y%m%dT%H%M%SZ") snapshot_name = f"{snapshot_name_prefix}_{snapshot_version_suffix}-{timestamp}" return { "apiVersion": "appstudio.redhat.com/v1alpha1", From acabef6a9a763e9bde7a9e6f83558f67264eaedf Mon Sep 17 00:00:00 2001 From: Tom Martensen Date: Fri, 20 Dec 2024 14:41:49 +0100 Subject: [PATCH 60/92] sanitize tag so the snapshot name is a lowercase RFC 1123 subdomain --- .konflux/scripts/render_snapshot.py | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/.konflux/scripts/render_snapshot.py b/.konflux/scripts/render_snapshot.py index 4382e0be887ed..176cd96c55632 100755 --- a/.konflux/scripts/render_snapshot.py +++ b/.konflux/scripts/render_snapshot.py @@ -69,17 +69,21 @@ def determine_component_version_suffix(application): return application.lstrip("acs-") +def sanitize_tag(tag): + return tag.replace(".", "-") + + if __name__ == '__main__': application = os.environ["APPLICATION"] pipeline_run_name = os.environ["PIPELINE_RUN_NAME"] namespace = os.environ["NAMESPACE"] image_refs = parse_image_refs(os.environ["IMAGE_REFS"]) - main_image_tag = os.environ["MAIN_IMAGE_TAG"] + snapshot_version_suffix = sanitize_tag(os.environ["MAIN_IMAGE_TAG"]) name_suffix = determine_component_version_suffix(application) components = [process_component(c, name_suffix) for c in image_refs] snapshot = construct_snapshot( snapshot_name_prefix=application, - snapshot_version_suffix=main_image_tag, + snapshot_version_suffix=snapshot_version_suffix, pipeline_run_name=pipeline_run_name, namespace=namespace, application=application, From 6cedc5d0e46e77a374d5f5c41fd2b26d39fd740c Mon Sep 17 00:00:00 2001 From: Tom Martensen Date: Fri, 20 Dec 2024 14:53:04 +0100 Subject: [PATCH 61/92] then it was also incorect --- .konflux/scripts/render_snapshot.py | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/.konflux/scripts/render_snapshot.py b/.konflux/scripts/render_snapshot.py index 176cd96c55632..11e2edab31617 100755 --- a/.konflux/scripts/render_snapshot.py +++ b/.konflux/scripts/render_snapshot.py @@ -46,7 +46,7 @@ def construct_snapshot( components ): timestamp = datetime.datetime.now(datetime.timezone.utc).strftime("%Y%m%dT%H%M%SZ") - snapshot_name = f"{snapshot_name_prefix}_{snapshot_version_suffix}-{timestamp}" + snapshot_name = f"{snapshot_name_prefix}-{snapshot_version_suffix}-{timestamp}" return { "apiVersion": "appstudio.redhat.com/v1alpha1", "kind": "Snapshot", @@ -69,21 +69,17 @@ def determine_component_version_suffix(application): return application.lstrip("acs-") -def sanitize_tag(tag): - return tag.replace(".", "-") - - if __name__ == '__main__': application = os.environ["APPLICATION"] pipeline_run_name = os.environ["PIPELINE_RUN_NAME"] namespace = os.environ["NAMESPACE"] image_refs = parse_image_refs(os.environ["IMAGE_REFS"]) - snapshot_version_suffix = sanitize_tag(os.environ["MAIN_IMAGE_TAG"]) + main_image_tag = os.environ["MAIN_IMAGE_TAG"] name_suffix = determine_component_version_suffix(application) components = [process_component(c, name_suffix) for c in image_refs] snapshot = construct_snapshot( snapshot_name_prefix=application, - snapshot_version_suffix=snapshot_version_suffix, + snapshot_version_suffix=main_image_tag, pipeline_run_name=pipeline_run_name, namespace=namespace, application=application, From e1719645549efcbb61978c544aafa35d604a28fb Mon Sep 17 00:00:00 2001 From: Tom Martensen Date: Fri, 20 Dec 2024 14:58:36 +0100 Subject: [PATCH 62/92] lowercase --- .konflux/scripts/render_snapshot.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.konflux/scripts/render_snapshot.py b/.konflux/scripts/render_snapshot.py index 11e2edab31617..a94e6471a5e3a 100755 --- a/.konflux/scripts/render_snapshot.py +++ b/.konflux/scripts/render_snapshot.py @@ -46,7 +46,7 @@ def construct_snapshot( components ): timestamp = datetime.datetime.now(datetime.timezone.utc).strftime("%Y%m%dT%H%M%SZ") - snapshot_name = f"{snapshot_name_prefix}-{snapshot_version_suffix}-{timestamp}" + snapshot_name = f"{snapshot_name_prefix}-{snapshot_version_suffix}-{timestamp}".lower() return { "apiVersion": "appstudio.redhat.com/v1alpha1", "kind": "Snapshot", From 7f3b94edc43cc0fb3fb17fd9d08d86f555d466f7 Mon Sep 17 00:00:00 2001 From: Tom Martensen Date: Fri, 20 Dec 2024 15:31:11 +0100 Subject: [PATCH 63/92] use regex to determine version suffix --- .konflux/scripts/render_snapshot.py | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) diff --git a/.konflux/scripts/render_snapshot.py b/.konflux/scripts/render_snapshot.py index a94e6471a5e3a..6fd316bf7fcc6 100755 --- a/.konflux/scripts/render_snapshot.py +++ b/.konflux/scripts/render_snapshot.py @@ -3,6 +3,7 @@ import datetime import json import os +import re def parse_image_refs(image_refs): @@ -18,10 +19,17 @@ def validate_component(component): ), "Component must have component name, ref, revision and repository set. Check container image labels." +def determine_component_version_suffix(application): + match = re.search(r"acs-(?P\d+-\d+)", application) + if match: + return match.group('version') + return "" + + def process_component(component, name_suffix): validate_component(component) if name_suffix != "": - name = f"{component['component']}-{name_suffix}" + name = f"{component["name"]}{name_suffix}" else: name = component["name"] @@ -64,9 +72,10 @@ def construct_snapshot( } -def determine_component_version_suffix(application): - # TODO: this as a regex - return application.lstrip("acs-") +def write_snapshot(snapshot): + with open("snapshot.json", "w") as f: + json.dump(snapshot, f) + print(snapshot["metadata"]["name"], end="") if __name__ == '__main__': @@ -86,7 +95,4 @@ def determine_component_version_suffix(application): components=components ) - with open("snapshot.json", "w") as f: - json.dump(snapshot, f) - - print(snapshot["metadata"]["name"], end="") + write_snapshot(snapshot) From cb14abd9cb1307cdbb7b0c48a120da345d87a1f6 Mon Sep 17 00:00:00 2001 From: Tom Martensen Date: Fri, 20 Dec 2024 15:58:00 +0100 Subject: [PATCH 64/92] prepare step split --- .konflux/scripts/render_snapshot.py | 20 ++++++++++++-------- .tekton/create-snapshot-task.yaml | 15 ++++++++++----- 2 files changed, 22 insertions(+), 13 deletions(-) diff --git a/.konflux/scripts/render_snapshot.py b/.konflux/scripts/render_snapshot.py index 6fd316bf7fcc6..f85d3cf0cea86 100755 --- a/.konflux/scripts/render_snapshot.py +++ b/.konflux/scripts/render_snapshot.py @@ -72,20 +72,23 @@ def construct_snapshot( } -def write_snapshot(snapshot): +def write_snapshot(snapshot, results_path): with open("snapshot.json", "w") as f: json.dump(snapshot, f) - print(snapshot["metadata"]["name"], end="") + with open(results_path, "w", newline="") as f: + f.write(snapshot["metadata"]["name"]) if __name__ == '__main__': - application = os.environ["APPLICATION"] - pipeline_run_name = os.environ["PIPELINE_RUN_NAME"] - namespace = os.environ["NAMESPACE"] - image_refs = parse_image_refs(os.environ["IMAGE_REFS"]) - main_image_tag = os.environ["MAIN_IMAGE_TAG"] + application = os.environ["APPLICATION"] # 1 name_suffix = determine_component_version_suffix(application) + image_refs = parse_image_refs(os.environ["IMAGE_REFS"]) # 2 components = [process_component(c, name_suffix) for c in image_refs] + + main_image_tag = os.environ["MAIN_IMAGE_TAG"] # 3 + pipeline_run_name = os.environ["PIPELINE_RUN_NAME"] # 4 + namespace = os.environ["NAMESPACE"] # 5 + snapshot = construct_snapshot( snapshot_name_prefix=application, snapshot_version_suffix=main_image_tag, @@ -95,4 +98,5 @@ def write_snapshot(snapshot): components=components ) - write_snapshot(snapshot) + snapshot_name_results_path = os.environ["SNAPSHOT_NAME_RESULTS_PATH"] + write_snapshot(snapshot, snapshot_name_results_path) diff --git a/.tekton/create-snapshot-task.yaml b/.tekton/create-snapshot-task.yaml index fd172854bde08..48a99174711a9 100644 --- a/.tekton/create-snapshot-task.yaml +++ b/.tekton/create-snapshot-task.yaml @@ -31,8 +31,8 @@ spec: args: - use - $(params.SOURCE_ARTIFACT)=/var/workdir/source - - name: create-snapshot - image: registry.redhat.io/openshift4/ose-cli-rhel9@sha256:4f822262adc75bff1891bee0bab1611ae62dfb347f98fcf9aa2604129087eb2c + - name: render-snapshot + image: registry.access.redhat.com/ubi9:latest@sha256:1057dab827c782abcfb9bda0c3900c0966b5066e671d54976a7bcb3a2d1a5e53 workingDir: /var/workdir/source env: - name: APPLICATION @@ -55,8 +55,13 @@ spec: #!/usr/bin/env bash set -euo pipefail - .konflux/scripts/render_snapshot.py | tee "$(results.SNAPSHOT_NAME.path)" + .konflux/scripts/render_snapshot.py + + - name: create-snapshot + image: registry.redhat.io/openshift4/ose-cli-rhel9@sha256:4f822262adc75bff1891bee0bab1611ae62dfb347f98fcf9aa2604129087eb2c + workingDir: /var/workdir/source + script: | + #!/usr/bin/env bash + set -euo pipefail - # Printing an empty line for separation in the log. - echo oc create -f snapshot.json From 6f2c702a34abeb345d3f29fcaf0a3aee25bb3bc4 Mon Sep 17 00:00:00 2001 From: Tom Martensen Date: Fri, 20 Dec 2024 16:04:50 +0100 Subject: [PATCH 65/92] fix --- .konflux/scripts/render_snapshot.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.konflux/scripts/render_snapshot.py b/.konflux/scripts/render_snapshot.py index f85d3cf0cea86..35ab5c8094c0d 100755 --- a/.konflux/scripts/render_snapshot.py +++ b/.konflux/scripts/render_snapshot.py @@ -29,7 +29,7 @@ def determine_component_version_suffix(application): def process_component(component, name_suffix): validate_component(component) if name_suffix != "": - name = f"{component["name"]}{name_suffix}" + name = f"{component['name']}{name_suffix}" else: name = component["name"] From 14b24d81bd57f028ba160dfdd9a373ae931abd17 Mon Sep 17 00:00:00 2001 From: Tom Martensen Date: Fri, 20 Dec 2024 16:09:28 +0100 Subject: [PATCH 66/92] provide path --- .tekton/create-snapshot-task.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.tekton/create-snapshot-task.yaml b/.tekton/create-snapshot-task.yaml index 48a99174711a9..f821178347f0c 100644 --- a/.tekton/create-snapshot-task.yaml +++ b/.tekton/create-snapshot-task.yaml @@ -51,6 +51,8 @@ spec: value: $(params.IMAGE_REFS) - name: MAIN_IMAGE_TAG value: $(params.MAIN_IMAGE_TAG) + - name: SNAPSHOT_NAME_RESULTS_PATH + value: $(results.SNAPSHOT_NAME.path) script: | #!/usr/bin/env bash set -euo pipefail From de9f50093a3c28f011252f3364e640079d500398 Mon Sep 17 00:00:00 2001 From: Tom Martensen Date: Fri, 20 Dec 2024 16:15:39 +0100 Subject: [PATCH 67/92] add hints for future me --- .konflux/scripts/render_snapshot.py | 1 + .tekton/create-snapshot-task.yaml | 2 ++ 2 files changed, 3 insertions(+) diff --git a/.konflux/scripts/render_snapshot.py b/.konflux/scripts/render_snapshot.py index 35ab5c8094c0d..df8776b1964a7 100755 --- a/.konflux/scripts/render_snapshot.py +++ b/.konflux/scripts/render_snapshot.py @@ -100,3 +100,4 @@ def write_snapshot(snapshot, results_path): snapshot_name_results_path = os.environ["SNAPSHOT_NAME_RESULTS_PATH"] write_snapshot(snapshot, snapshot_name_results_path) + print("Rendered snapshot written to workspace.") diff --git a/.tekton/create-snapshot-task.yaml b/.tekton/create-snapshot-task.yaml index f821178347f0c..aee87c495a5ca 100644 --- a/.tekton/create-snapshot-task.yaml +++ b/.tekton/create-snapshot-task.yaml @@ -35,6 +35,7 @@ spec: image: registry.access.redhat.com/ubi9:latest@sha256:1057dab827c782abcfb9bda0c3900c0966b5066e671d54976a7bcb3a2d1a5e53 workingDir: /var/workdir/source env: + # For these vars, args: will not work - name: APPLICATION valueFrom: fieldRef: @@ -47,6 +48,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.name + # It might work for these vars - name: IMAGE_REFS value: $(params.IMAGE_REFS) - name: MAIN_IMAGE_TAG From 07c045ecd8b3e00037b78c4f0ed048073cdc6529 Mon Sep 17 00:00:00 2001 From: Tom Martensen Date: Thu, 2 Jan 2025 09:40:03 +0100 Subject: [PATCH 68/92] apply review comments to check-konflux-pipelines.sh --- scripts/ci/jobs/check-konflux-pipelines.sh | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) diff --git a/scripts/ci/jobs/check-konflux-pipelines.sh b/scripts/ci/jobs/check-konflux-pipelines.sh index 376b9996da91f..ae4ae652c419d 100755 --- a/scripts/ci/jobs/check-konflux-pipelines.sh +++ b/scripts/ci/jobs/check-konflux-pipelines.sh @@ -9,19 +9,24 @@ ensure_create_snapshot_runs_last() { expected_runafter="$(yq eval '.spec.tasks[] | select(.name != "create-acs-style-snapshot") | .name' .tekton/operator-bundle-pipeline.yaml | sort)" actual_runafter="$(yq eval '.spec.tasks[] | select(.name == "create-acs-style-snapshot") | .runAfter[]' .tekton/operator-bundle-pipeline.yaml)" - if ! DIFF=$(diff <(echo "${expected_runafter}") <(echo "${actual_runafter}")); then + echo "➤ .tekton/operator-bundle-pipeline.yaml // create-acs-style-snapshot: task's runAfter contents shall match the expected ones (left - expected, right - actual)." + if ! diff --side-by-side <(echo "${expected_runafter}") <(echo "${actual_runafter}"); then echo >&2 -e """ - ERROR: - Ensure that all previous tasks in the operator-bundle pipeline are mentioned - in the runAfter parameter for the create-acs-style-snapshot task. +✗ ERROR: - This is what is different: +The actual runAfter contents do not match the expectations. +To resolve: - $DIFF - """ +1. Open .tekton/operator-bundle-pipeline.yaml and locate the create-acs-style-snapshot task +2. Update the runAfter attribute of this task to this list of all previous tasks in the pipeline (sorted alphabetically): + +${expected_runafter} + """ exit 1 + else + echo "✓ No diff detected." fi } -echo "Ensure that modifications to our Konflux pipelines follow our expectations and conventions" +echo "Ensure consistency of our Konflux pipelines." ensure_create_snapshot_runs_last From 709e0fa713ea1731877488fdaaebad6e032aebb5 Mon Sep 17 00:00:00 2001 From: Tom Martensen Date: Thu, 2 Jan 2025 10:40:01 +0100 Subject: [PATCH 69/92] Add validation for required labels --- .tekton/wait-for-image-task.yaml | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/.tekton/wait-for-image-task.yaml b/.tekton/wait-for-image-task.yaml index 1bf937381da09..b956f32cca3f0 100644 --- a/.tekton/wait-for-image-task.yaml +++ b/.tekton/wait-for-image-task.yaml @@ -34,12 +34,19 @@ spec: echo "Image $(params.IMAGE) found." - infos="$(skopeo inspect \ + raw_info=( "$(skopeo inspect \ --retry-times 10 \ --format '{{.Digest}} {{ index .Labels "vcs-ref" }} {{ index .Labels "source-location" }}' \ --no-tags \ - "docker://$(params.IMAGE)")" + "docker://$(params.IMAGE)")" ) - echo -n $(cut -f1 -d' ' <<< "${infos}") | tee "$(results.IMAGE_DIGEST.path)" - echo -n $(cut -f2 -d' ' <<< "${infos}") | tee "$(results.GIT_REF.path)" - echo -n $(cut -f3 -d' ' <<< "${infos}") | tee "$(results.GIT_REPO.path)" + # Turning raw_info into an array for easier handling. + infos=( $raw_info ) + if [ ${#infos[@]} -ne 3 ]; then + echo "ERROR: Not all required information was found. Verify that the 'vcs-ref' and 'source-location' labels are set on the image $(params.IMAGE)." + exit 1 + fi + + echo -n "${infos[0]}" | tee "$(results.IMAGE_DIGEST.path)" + echo -n "${infos[1]}" | tee "$(results.GIT_REF.path)" + echo -n "${infos[2]}" | tee "$(results.GIT_REPO.path)" From 4a6b67c083111afcb6d05c9cd5008b6a9934955c Mon Sep 17 00:00:00 2001 From: Tom Martensen Date: Thu, 2 Jan 2025 10:45:27 +0100 Subject: [PATCH 70/92] attempt to fix pipeline not starting --- .tekton/operator-bundle-pipeline.yaml | 712 +++++++++++++------------- 1 file changed, 356 insertions(+), 356 deletions(-) diff --git a/.tekton/operator-bundle-pipeline.yaml b/.tekton/operator-bundle-pipeline.yaml index 791b35879a3ba..3453b510d364c 100644 --- a/.tekton/operator-bundle-pipeline.yaml +++ b/.tekton/operator-bundle-pipeline.yaml @@ -26,19 +26,19 @@ spec: value: task resolver: bundles - # - name: show-sbom - # params: - # - name: IMAGE_URL - # value: $(tasks.build-container.results.IMAGE_URL) - # taskRef: - # params: - # - name: name - # value: show-sbom - # - name: bundle - # value: quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1@sha256:945a7c9066d3e0a95d3fddb7e8a6992e4d632a2a75d8f3a9bd2ff2fef0ec9aa0 - # - name: kind - # value: task - # resolver: bundles + - name: show-sbom + params: + - name: IMAGE_URL + value: $(tasks.build-container.results.IMAGE_URL) + taskRef: + params: + - name: name + value: show-sbom + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1@sha256:945a7c9066d3e0a95d3fddb7e8a6992e4d632a2a75d8f3a9bd2ff2fef0ec9aa0 + - name: kind + value: task + resolver: bundles params: - description: Source Repository URL @@ -215,21 +215,21 @@ spec: default: "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8" results: - # - description: "" - # name: IMAGE_URL - # value: $(tasks.build-container.results.IMAGE_URL) - # - description: "" - # name: IMAGE_DIGEST - # value: $(tasks.build-container.results.IMAGE_DIGEST) + - description: "" + name: IMAGE_URL + value: $(tasks.build-container.results.IMAGE_URL) + - description: "" + name: IMAGE_DIGEST + value: $(tasks.build-container.results.IMAGE_DIGEST) - description: "" name: CHAINS-GIT_URL value: $(tasks.clone-repository.results.url) - description: "" name: CHAINS-GIT_COMMIT value: $(tasks.clone-repository.results.commit) - # - description: "" - # name: JAVA_COMMUNITY_DEPENDENCIES - # value: $(tasks.build-container.results.JAVA_COMMUNITY_DEPENDENCIES) + - description: "" + name: JAVA_COMMUNITY_DEPENDENCIES + value: $(tasks.build-container.results.JAVA_COMMUNITY_DEPENDENCIES) - description: "" name: SNAPSHOT_NAME value: $(tasks.create-acs-style-snapshot.results.SNAPSHOT_NAME) @@ -342,86 +342,86 @@ spec: - name: git-basic-auth workspace: git-auth - # - name: wait-for-operator-image - # params: - # - name: IMAGE - # value: "$(params.operator-image-build-repo):$(tasks.determine-operator-image-tag.results.IMAGE_TAG)" - # taskRef: - # name: wait-for-image - # # This timeout must be the same as the pipeline timeout in `operator-build.yaml`. - # timeout: 1h10m - - # - name: wait-for-main-image - # params: - # - name: IMAGE - # value: "$(params.main-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" - # taskRef: - # name: wait-for-image - # # This timeout must be the same as the pipeline timeout in `main-build.yaml`. - # timeout: 2h40m - - # - name: wait-for-scanner-image - # params: - # - name: IMAGE - # value: "$(params.scanner-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" - # taskRef: - # name: wait-for-image - # # This timeout must be the same as the pipeline timeout in `scanner-retag.yaml` - # timeout: 40m - - # - name: wait-for-scanner-db-image - # params: - # - name: IMAGE - # value: "$(params.scanner-db-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" - # taskRef: - # name: wait-for-image - # # This timeout must be the same as the pipeline timeout in `scanner-db-retag.yaml` - # timeout: 40m - - # - name: wait-for-scanner-slim-image - # params: - # - name: IMAGE - # value: "$(params.scanner-slim-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" - # taskRef: - # name: wait-for-image - # # This timeout must be the same as the pipeline timeout in `scanner-slim-retag.yaml` - # timeout: 40m - - # - name: wait-for-scanner-db-slim-image - # params: - # - name: IMAGE - # value: "$(params.scanner-db-slim-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" - # taskRef: - # name: wait-for-image - # # This timeout must be the same as the pipeline timeout in `scanner-db-slim-retag.yaml` - # timeout: 40m - - # - name: wait-for-scanner-v4-image - # params: - # - name: IMAGE - # value: "$(params.scanner-v4-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" - # taskRef: - # name: wait-for-image - # # This timeout must be the same as the pipeline timeout in `scanner-v4-build.yaml`. - # timeout: 1h10m - - # - name: wait-for-scanner-v4-db-image - # params: - # - name: IMAGE - # value: "$(params.scanner-v4-db-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" - # taskRef: - # name: wait-for-image - # # This timeout must be the same as the pipeline timeout in `scanner-v4-db-build.yaml`. - # timeout: 1h10m - - # - name: wait-for-collector-slim-image - # params: - # - name: IMAGE - # value: "$(params.collector-slim-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" - # taskRef: - # name: wait-for-image - # # The timeout must be the same as the pipeline timeout in `collector-slim-retag.yaml` - # timeout: 40m + - name: wait-for-operator-image + params: + - name: IMAGE + value: "$(params.operator-image-build-repo):$(tasks.determine-operator-image-tag.results.IMAGE_TAG)" + taskRef: + name: wait-for-image + # This timeout must be the same as the pipeline timeout in `operator-build.yaml`. + timeout: 1h10m + + - name: wait-for-main-image + params: + - name: IMAGE + value: "$(params.main-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" + taskRef: + name: wait-for-image + # This timeout must be the same as the pipeline timeout in `main-build.yaml`. + timeout: 2h40m + + - name: wait-for-scanner-image + params: + - name: IMAGE + value: "$(params.scanner-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" + taskRef: + name: wait-for-image + # This timeout must be the same as the pipeline timeout in `scanner-retag.yaml` + timeout: 40m + + - name: wait-for-scanner-db-image + params: + - name: IMAGE + value: "$(params.scanner-db-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" + taskRef: + name: wait-for-image + # This timeout must be the same as the pipeline timeout in `scanner-db-retag.yaml` + timeout: 40m + + - name: wait-for-scanner-slim-image + params: + - name: IMAGE + value: "$(params.scanner-slim-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" + taskRef: + name: wait-for-image + # This timeout must be the same as the pipeline timeout in `scanner-slim-retag.yaml` + timeout: 40m + + - name: wait-for-scanner-db-slim-image + params: + - name: IMAGE + value: "$(params.scanner-db-slim-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" + taskRef: + name: wait-for-image + # This timeout must be the same as the pipeline timeout in `scanner-db-slim-retag.yaml` + timeout: 40m + + - name: wait-for-scanner-v4-image + params: + - name: IMAGE + value: "$(params.scanner-v4-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" + taskRef: + name: wait-for-image + # This timeout must be the same as the pipeline timeout in `scanner-v4-build.yaml`. + timeout: 1h10m + + - name: wait-for-scanner-v4-db-image + params: + - name: IMAGE + value: "$(params.scanner-v4-db-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" + taskRef: + name: wait-for-image + # This timeout must be the same as the pipeline timeout in `scanner-v4-db-build.yaml`. + timeout: 1h10m + + - name: wait-for-collector-slim-image + params: + - name: IMAGE + value: "$(params.collector-slim-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" + taskRef: + name: wait-for-image + # The timeout must be the same as the pipeline timeout in `collector-slim-retag.yaml` + timeout: 40m - name: wait-for-collector-full-image params: @@ -431,272 +431,272 @@ spec: # The timeout must be the same as the pipeline timeout in `collector-full-retag.yaml` timeout: 40m - # - name: wait-for-roxctl-image - # params: - # - name: IMAGE - # value: "$(params.roxctl-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" - # taskRef: - # name: wait-for-image - # # This timeout must be the same as the pipeline timeout in `roxctl-build.yaml`. - # timeout: 1h10m - - # - name: wait-for-central-db-image - # params: - # - name: IMAGE - # value: "$(params.central-db-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" - # taskRef: - # name: wait-for-image - # # This timeout must be the same as the pipeline timeout in `central-db-build.yaml`. - # timeout: 1h40m - - # - name: build-container - # params: - # - name: IMAGE - # # Note the operator bundle tag is prefixed with "v". - # value: $(params.output-image-repo):v$(tasks.determine-operator-image-tag.results.IMAGE_TAG) - # - name: DOCKERFILE - # value: $(params.dockerfile) - # - name: CONTEXT - # value: $(params.path-context) - # - name: HERMETIC - # value: $(params.hermetic) - # - name: PREFETCH_INPUT - # value: $(params.prefetch-input) - # - name: IMAGE_EXPIRES_AFTER - # value: $(params.image-expires-after) - # - name: COMMIT_SHA - # value: $(tasks.clone-repository.results.commit) - # - name: BUILD_ARGS - # value: - # - OPERATOR_IMAGE_TAG=$(tasks.determine-operator-image-tag.results.IMAGE_TAG) - # - OPERATOR_IMAGE_REF=$(params.operator-image-catalog-repo)@$(tasks.wait-for-operator-image.results.IMAGE_DIGEST) - # - RELATED_IMAGE_MAIN=$(params.main-image-catalog-repo)@$(tasks.wait-for-main-image.results.IMAGE_DIGEST) - # - RELATED_IMAGE_SCANNER=$(params.scanner-image-catalog-repo)@$(tasks.wait-for-scanner-image.results.IMAGE_DIGEST) - # - RELATED_IMAGE_SCANNER_DB=$(params.scanner-db-image-catalog-repo)@$(tasks.wait-for-scanner-db-image.results.IMAGE_DIGEST) - # - RELATED_IMAGE_SCANNER_SLIM=$(params.scanner-slim-image-catalog-repo)@$(tasks.wait-for-scanner-slim-image.results.IMAGE_DIGEST) - # - RELATED_IMAGE_SCANNER_DB_SLIM=$(params.scanner-db-slim-image-catalog-repo)@$(tasks.wait-for-scanner-db-slim-image.results.IMAGE_DIGEST) - # - RELATED_IMAGE_SCANNER_V4=$(params.scanner-v4-image-catalog-repo)@$(tasks.wait-for-scanner-v4-image.results.IMAGE_DIGEST) - # - RELATED_IMAGE_SCANNER_V4_DB=$(params.scanner-v4-db-image-catalog-repo)@$(tasks.wait-for-scanner-v4-db-image.results.IMAGE_DIGEST) - # - RELATED_IMAGE_COLLECTOR_SLIM=$(params.collector-slim-image-catalog-repo)@$(tasks.wait-for-collector-slim-image.results.IMAGE_DIGEST) - # - RELATED_IMAGE_COLLECTOR_FULL=$(params.collector-full-image-catalog-repo)@$(tasks.wait-for-collector-full-image.results.IMAGE_DIGEST) - # - RELATED_IMAGE_ROXCTL=$(params.roxctl-image-catalog-repo)@$(tasks.wait-for-roxctl-image.results.IMAGE_DIGEST) - # - RELATED_IMAGE_CENTRAL_DB=$(params.central-db-image-catalog-repo)@$(tasks.wait-for-central-db-image.results.IMAGE_DIGEST) - # - name: SOURCE_ARTIFACT - # value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - # - name: CACHI2_ARTIFACT - # value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) - # taskRef: - # params: - # - name: name - # value: buildah-oci-ta - # - name: bundle - # value: quay.io/konflux-ci/tekton-catalog/task-buildah-oci-ta:0.2@sha256:ea5f13f235f98e9f0da599439f0b62b729901a5b6ad8d673daf3821f3f9cb66f - # - name: kind - # value: task - # resolver: bundles - # when: - # - input: $(tasks.init.results.build) - # operator: in - # values: [ "true" ] - - # - name: apply-tags - # params: - # - name: IMAGE - # value: $(tasks.build-container.results.IMAGE_URL) - # - name: ADDITIONAL_TAGS - # value: - # - konflux-$(params.revision) - # taskRef: - # params: - # - name: name - # value: apply-tags - # - name: bundle - # value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.1@sha256:87fd7fc0e937aad1a8db9b6e377d7e444f53394dafde512d68adbea6966a4702 - # - name: kind - # value: task - # resolver: bundles - - # - name: build-source-image - # params: - # - name: BINARY_IMAGE - # value: $(tasks.build-container.results.IMAGE_URL) - # - name: SOURCE_ARTIFACT - # value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - # - name: CACHI2_ARTIFACT - # value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) - # taskRef: - # params: - # - name: name - # value: source-build-oci-ta - # - name: bundle - # value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.1@sha256:bd786bc1d33391bb169f98a1070d1a39e410b835f05fd0db0263754c65bd9bea - # - name: kind - # value: task - # resolver: bundles - # when: - # - input: $(tasks.init.results.build) - # operator: in - # values: [ "true" ] - # - input: $(params.build-source-image) - # operator: in - # values: [ "true" ] - - # - name: deprecated-base-image-check - # params: - # - name: IMAGE_URL - # value: $(tasks.build-container.results.IMAGE_URL) - # - name: IMAGE_DIGEST - # value: $(tasks.build-container.results.IMAGE_DIGEST) - # taskRef: - # params: - # - name: name - # value: deprecated-image-check - # - name: bundle - # value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.4@sha256:5a1a165fa02270f0a947d8a2131ee9d8be0b8e9d34123828c2bef589e504ee84 - # - name: kind - # value: task - # resolver: bundles - # when: - # - input: $(params.skip-checks) - # operator: in - # values: [ "false" ] - - # - name: clair-scan - # params: - # - name: image-digest - # value: $(tasks.build-container.results.IMAGE_DIGEST) - # - name: image-url - # value: $(tasks.build-container.results.IMAGE_URL) - # taskRef: - # params: - # - name: name - # value: clair-scan - # - name: bundle - # value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.2@sha256:0a5421111e7092740398691d5bd7c125cc0896f29531d19414bb5724ae41692a - # - name: kind - # value: task - # resolver: bundles - # when: - # - input: $(params.skip-checks) - # operator: in - # values: [ "false" ] - - # - name: sast-snyk-check - # params: - # - name: SOURCE_ARTIFACT - # value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - # - name: CACHI2_ARTIFACT - # value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) - # - name: image-digest - # value: $(tasks.build-container.results.IMAGE_DIGEST) - # - name: image-url - # value: $(tasks.build-container.results.IMAGE_URL) - # taskRef: - # params: - # - name: name - # value: sast-snyk-check-oci-ta - # - name: bundle - # value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.3@sha256:65a213322ea7c64159e37071d369d74b6378b23403150e29537865cada90f022 - # - name: kind - # value: task - # resolver: bundles - # when: - # - input: $(params.skip-checks) - # operator: in - # values: [ "false" ] - - # - name: clamav-scan - # params: - # - name: image-digest - # value: $(tasks.build-container.results.IMAGE_DIGEST) - # - name: image-url - # value: $(tasks.build-container.results.IMAGE_URL) - # taskRef: - # params: - # - name: name - # value: clamav-scan - # - name: bundle - # value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.1@sha256:b4f450f1447b166da671f1d5819ab5a1485083e5c27ab91f7d8b7a2ff994c8c2 - # - name: kind - # value: task - # resolver: bundles - # when: - # - input: $(params.skip-checks) - # operator: in - # values: [ "false" ] - - # - name: rpms-signature-scan - # params: - # - name: image-digest - # value: $(tasks.build-container.results.IMAGE_DIGEST) - # - name: image-url - # value: $(tasks.build-container.results.IMAGE_URL) - # taskRef: - # params: - # - name: name - # value: rpms-signature-scan - # - name: bundle - # value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:28aaf87d61078a0aeeeabcae455eda7d05c4f9b81d8995bdcf3dde95c1a7a77b - # - name: kind - # value: task - # resolver: bundles - # when: - # - input: $(params.skip-checks) - # operator: in - # values: ["false"] - - # - name: push-dockerfile - # params: - # - name: IMAGE - # value: $(tasks.build-container.results.IMAGE_URL) - # - name: IMAGE_DIGEST - # value: $(tasks.build-container.results.IMAGE_DIGEST) - # - name: DOCKERFILE - # value: $(params.dockerfile) - # - name: CONTEXT - # value: $(params.path-context) - # - name: SOURCE_ARTIFACT - # value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - # taskRef: - # params: - # - name: name - # value: push-dockerfile-oci-ta - # - name: bundle - # value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.1@sha256:80d48a1b9d2707490309941ec9f79338533938f959ca9a207b481b0e8a5e7a93 - # - name: kind - # value: task - # resolver: bundles + - name: wait-for-roxctl-image + params: + - name: IMAGE + value: "$(params.roxctl-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" + taskRef: + name: wait-for-image + # This timeout must be the same as the pipeline timeout in `roxctl-build.yaml`. + timeout: 1h10m + + - name: wait-for-central-db-image + params: + - name: IMAGE + value: "$(params.central-db-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" + taskRef: + name: wait-for-image + # This timeout must be the same as the pipeline timeout in `central-db-build.yaml`. + timeout: 1h40m + + - name: build-container + params: + - name: IMAGE + # Note the operator bundle tag is prefixed with "v". + value: $(params.output-image-repo):v$(tasks.determine-operator-image-tag.results.IMAGE_TAG) + - name: DOCKERFILE + value: $(params.dockerfile) + - name: CONTEXT + value: $(params.path-context) + - name: HERMETIC + value: $(params.hermetic) + - name: PREFETCH_INPUT + value: $(params.prefetch-input) + - name: IMAGE_EXPIRES_AFTER + value: $(params.image-expires-after) + - name: COMMIT_SHA + value: $(tasks.clone-repository.results.commit) + - name: BUILD_ARGS + value: + - OPERATOR_IMAGE_TAG=$(tasks.determine-operator-image-tag.results.IMAGE_TAG) + - OPERATOR_IMAGE_REF=$(params.operator-image-catalog-repo)@$(tasks.wait-for-operator-image.results.IMAGE_DIGEST) + - RELATED_IMAGE_MAIN=$(params.main-image-catalog-repo)@$(tasks.wait-for-main-image.results.IMAGE_DIGEST) + - RELATED_IMAGE_SCANNER=$(params.scanner-image-catalog-repo)@$(tasks.wait-for-scanner-image.results.IMAGE_DIGEST) + - RELATED_IMAGE_SCANNER_DB=$(params.scanner-db-image-catalog-repo)@$(tasks.wait-for-scanner-db-image.results.IMAGE_DIGEST) + - RELATED_IMAGE_SCANNER_SLIM=$(params.scanner-slim-image-catalog-repo)@$(tasks.wait-for-scanner-slim-image.results.IMAGE_DIGEST) + - RELATED_IMAGE_SCANNER_DB_SLIM=$(params.scanner-db-slim-image-catalog-repo)@$(tasks.wait-for-scanner-db-slim-image.results.IMAGE_DIGEST) + - RELATED_IMAGE_SCANNER_V4=$(params.scanner-v4-image-catalog-repo)@$(tasks.wait-for-scanner-v4-image.results.IMAGE_DIGEST) + - RELATED_IMAGE_SCANNER_V4_DB=$(params.scanner-v4-db-image-catalog-repo)@$(tasks.wait-for-scanner-v4-db-image.results.IMAGE_DIGEST) + - RELATED_IMAGE_COLLECTOR_SLIM=$(params.collector-slim-image-catalog-repo)@$(tasks.wait-for-collector-slim-image.results.IMAGE_DIGEST) + - RELATED_IMAGE_COLLECTOR_FULL=$(params.collector-full-image-catalog-repo)@$(tasks.wait-for-collector-full-image.results.IMAGE_DIGEST) + - RELATED_IMAGE_ROXCTL=$(params.roxctl-image-catalog-repo)@$(tasks.wait-for-roxctl-image.results.IMAGE_DIGEST) + - RELATED_IMAGE_CENTRAL_DB=$(params.central-db-image-catalog-repo)@$(tasks.wait-for-central-db-image.results.IMAGE_DIGEST) + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + - name: CACHI2_ARTIFACT + value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) + taskRef: + params: + - name: name + value: buildah-oci-ta + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-buildah-oci-ta:0.2@sha256:ea5f13f235f98e9f0da599439f0b62b729901a5b6ad8d673daf3821f3f9cb66f + - name: kind + value: task + resolver: bundles + when: + - input: $(tasks.init.results.build) + operator: in + values: [ "true" ] + + - name: apply-tags + params: + - name: IMAGE + value: $(tasks.build-container.results.IMAGE_URL) + - name: ADDITIONAL_TAGS + value: + - konflux-$(params.revision) + taskRef: + params: + - name: name + value: apply-tags + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.1@sha256:87fd7fc0e937aad1a8db9b6e377d7e444f53394dafde512d68adbea6966a4702 + - name: kind + value: task + resolver: bundles + + - name: build-source-image + params: + - name: BINARY_IMAGE + value: $(tasks.build-container.results.IMAGE_URL) + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + - name: CACHI2_ARTIFACT + value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) + taskRef: + params: + - name: name + value: source-build-oci-ta + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.1@sha256:bd786bc1d33391bb169f98a1070d1a39e410b835f05fd0db0263754c65bd9bea + - name: kind + value: task + resolver: bundles + when: + - input: $(tasks.init.results.build) + operator: in + values: [ "true" ] + - input: $(params.build-source-image) + operator: in + values: [ "true" ] + + - name: deprecated-base-image-check + params: + - name: IMAGE_URL + value: $(tasks.build-container.results.IMAGE_URL) + - name: IMAGE_DIGEST + value: $(tasks.build-container.results.IMAGE_DIGEST) + taskRef: + params: + - name: name + value: deprecated-image-check + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.4@sha256:5a1a165fa02270f0a947d8a2131ee9d8be0b8e9d34123828c2bef589e504ee84 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: [ "false" ] + + - name: clair-scan + params: + - name: image-digest + value: $(tasks.build-container.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-container.results.IMAGE_URL) + taskRef: + params: + - name: name + value: clair-scan + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.2@sha256:0a5421111e7092740398691d5bd7c125cc0896f29531d19414bb5724ae41692a + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: [ "false" ] + + - name: sast-snyk-check + params: + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + - name: CACHI2_ARTIFACT + value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) + - name: image-digest + value: $(tasks.build-container.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-container.results.IMAGE_URL) + taskRef: + params: + - name: name + value: sast-snyk-check-oci-ta + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.3@sha256:65a213322ea7c64159e37071d369d74b6378b23403150e29537865cada90f022 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: [ "false" ] + + - name: clamav-scan + params: + - name: image-digest + value: $(tasks.build-container.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-container.results.IMAGE_URL) + taskRef: + params: + - name: name + value: clamav-scan + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.1@sha256:b4f450f1447b166da671f1d5819ab5a1485083e5c27ab91f7d8b7a2ff994c8c2 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: [ "false" ] + + - name: rpms-signature-scan + params: + - name: image-digest + value: $(tasks.build-container.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-container.results.IMAGE_URL) + taskRef: + params: + - name: name + value: rpms-signature-scan + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:28aaf87d61078a0aeeeabcae455eda7d05c4f9b81d8995bdcf3dde95c1a7a77b + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: ["false"] + + - name: push-dockerfile + params: + - name: IMAGE + value: $(tasks.build-container.results.IMAGE_URL) + - name: IMAGE_DIGEST + value: $(tasks.build-container.results.IMAGE_DIGEST) + - name: DOCKERFILE + value: $(params.dockerfile) + - name: CONTEXT + value: $(params.path-context) + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + taskRef: + params: + - name: name + value: push-dockerfile-oci-ta + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.1@sha256:80d48a1b9d2707490309941ec9f79338533938f959ca9a207b481b0e8a5e7a93 + - name: kind + value: task + resolver: bundles - name: create-acs-style-snapshot # Explicitly running after all other tasks to ensure that # - there are no failures that should prevent a release of the operator-bundle image (missing RPMs signatures, deprecated base images, ...) # - the source image is present as it is required by EC runAfter: - # - apply-tags - # - build-container - # - build-source-image - # - clair-scan - # - clamav-scan + - apply-tags + - build-container + - build-source-image + - clair-scan + - clamav-scan - clone-repository - # - deprecated-base-image-check + - deprecated-base-image-check - determine-main-image-tag - determine-operator-image-tag - init - prefetch-dependencies - # - push-dockerfile - # - rpms-signature-scan - # - sast-snyk-check + - push-dockerfile + - rpms-signature-scan + - sast-snyk-check - wait-for-collector-full-image - # - wait-for-collector-slim-image - # - wait-for-main-image - # - wait-for-operator-image - # - wait-for-roxctl-image - # - wait-for-scanner-db-image - # - wait-for-scanner-db-slim-image - # - wait-for-scanner-image - # - wait-for-scanner-slim-image - # - wait-for-scanner-v4-db-image - # - wait-for-scanner-v4-image + - wait-for-collector-slim-image + - wait-for-main-image + - wait-for-operator-image + - wait-for-roxctl-image + - wait-for-scanner-db-image + - wait-for-scanner-db-slim-image + - wait-for-scanner-image + - wait-for-scanner-slim-image + - wait-for-scanner-v4-db-image + - wait-for-scanner-v4-image params: - name: SOURCE_ARTIFACT value: $(tasks.clone-repository.results.SOURCE_ARTIFACT) From bb5231360587f718a920369400cd99cb21b5bc1a Mon Sep 17 00:00:00 2001 From: Tom Martensen Date: Thu, 2 Jan 2025 11:40:48 +0100 Subject: [PATCH 71/92] apply code review suggestions, attempt to fix pipeline --- .konflux/scripts/render_snapshot.py | 41 +++++++++++++-------------- .tekton/create-snapshot-task.yaml | 35 +++++++++-------------- .tekton/operator-bundle-pipeline.yaml | 18 ++++++++++-- 3 files changed, 49 insertions(+), 45 deletions(-) diff --git a/.konflux/scripts/render_snapshot.py b/.konflux/scripts/render_snapshot.py index df8776b1964a7..6495fe8833684 100755 --- a/.konflux/scripts/render_snapshot.py +++ b/.konflux/scripts/render_snapshot.py @@ -16,26 +16,21 @@ def validate_component(component): and component["containerImage"] != "" and component["revision"] != "" and component["repository"] != "" - ), "Component must have component name, ref, revision and repository set. Check container image labels." + ), "Component must have component name, ref, revision and repository set." -def determine_component_version_suffix(application): - match = re.search(r"acs-(?P\d+-\d+)", application) +def determine_product_version_suffix(application): + match = re.search(r"(?P-\d+-\d+$)", application) if match: - return match.group('version') + return match.group("version") return "" -def process_component(component, name_suffix): +def process_component(component, product_version_suffix): validate_component(component) - if name_suffix != "": - name = f"{component['name']}{name_suffix}" - else: - name = component["name"] - return { "containerImage": component["containerImage"], - "name": name, + "name": f"{component['name']}{product_version_suffix}", "source": { "git": { "revision": component["revision"], @@ -45,16 +40,18 @@ def process_component(component, name_suffix): } +def determine_snapshot_name(prefix, product_version): + timestamp = datetime.datetime.now(datetime.timezone.utc).strftime("%Y%m%dT%H%M%SZ") + return f"{prefix}{product_version}-{timestamp}".lower() + + def construct_snapshot( - snapshot_name_prefix, - snapshot_version_suffix, + snapshot_name, pipeline_run_name, namespace, application, components ): - timestamp = datetime.datetime.now(datetime.timezone.utc).strftime("%Y%m%dT%H%M%SZ") - snapshot_name = f"{snapshot_name_prefix}-{snapshot_version_suffix}-{timestamp}".lower() return { "apiVersion": "appstudio.redhat.com/v1alpha1", "kind": "Snapshot", @@ -81,23 +78,23 @@ def write_snapshot(snapshot, results_path): if __name__ == '__main__': application = os.environ["APPLICATION"] # 1 - name_suffix = determine_component_version_suffix(application) + product_version_suffix = determine_product_version_suffix(application) + snapshot_name = determine_snapshot_name(application, product_version_suffix) image_refs = parse_image_refs(os.environ["IMAGE_REFS"]) # 2 - components = [process_component(c, name_suffix) for c in image_refs] + components = [process_component(c, product_version_suffix) for c in image_refs] - main_image_tag = os.environ["MAIN_IMAGE_TAG"] # 3 + product_version = os.environ["PRODUCT_VERSION"] # 3 pipeline_run_name = os.environ["PIPELINE_RUN_NAME"] # 4 namespace = os.environ["NAMESPACE"] # 5 snapshot = construct_snapshot( - snapshot_name_prefix=application, - snapshot_version_suffix=main_image_tag, + snapshot_name=snapshot_name, pipeline_run_name=pipeline_run_name, namespace=namespace, application=application, components=components ) - snapshot_name_results_path = os.environ["SNAPSHOT_NAME_RESULTS_PATH"] - write_snapshot(snapshot, snapshot_name_results_path) + snapshot_name_result_path = os.environ["SNAPSHOT_NAME_RESULT_PATH"] + write_snapshot(snapshot, snapshot_name_result_path) print("Rendered snapshot written to workspace.") diff --git a/.tekton/create-snapshot-task.yaml b/.tekton/create-snapshot-task.yaml index aee87c495a5ca..037d6051a01f0 100644 --- a/.tekton/create-snapshot-task.yaml +++ b/.tekton/create-snapshot-task.yaml @@ -4,16 +4,16 @@ metadata: name: create-snapshot namespace: rh-acs-tenant spec: - description: Creates a snapshot based on the components, image refs and Git information passed to the task. + description: Creates a snapshot based on the component names, image refs and Git information passed to the task. params: - name: SOURCE_ARTIFACT description: The Trusted Artifact URI pointing to the application source code. type: string - - name: IMAGE_REFS - description: Image references. + - name: COMPONENTS + description: A stringified JSON array with information about components with name, container image ref, git repo and git revision for each. type: string - - name: MAIN_IMAGE_TAG - description: Result from determine-image-tag for the main image. + - name: PRODUCT_VERSION + description: Product version to record as part of the Snapshot's name to be able to identify snapshots more easily. Pass here the result from determine-image-tag for the main image. type: string results: - name: SNAPSHOT_NAME @@ -35,7 +35,8 @@ spec: image: registry.access.redhat.com/ubi9:latest@sha256:1057dab827c782abcfb9bda0c3900c0966b5066e671d54976a7bcb3a2d1a5e53 workingDir: /var/workdir/source env: - # For these vars, args: will not work + # These values must be provided as environment variables. + # They cannot be provided as arguments to the Python script. - name: APPLICATION valueFrom: fieldRef: @@ -47,25 +48,17 @@ spec: - name: PIPELINE_RUN_NAME valueFrom: fieldRef: - fieldPath: metadata.name - # It might work for these vars + fieldPath: metadata.labels['tekton.dev/pipeline'] + # TODO(when inline Python script): refactor below vars to args: attribute - name: IMAGE_REFS value: $(params.IMAGE_REFS) - - name: MAIN_IMAGE_TAG - value: $(params.MAIN_IMAGE_TAG) - - name: SNAPSHOT_NAME_RESULTS_PATH + - name: PRODUCT_VERSION + value: $(params.PRODUCT_VERSION) + - name: SNAPSHOT_NAME_RESULT_PATH value: $(results.SNAPSHOT_NAME.path) - script: | - #!/usr/bin/env bash - set -euo pipefail - - .konflux/scripts/render_snapshot.py + script: .konflux/scripts/render_snapshot.py - name: create-snapshot image: registry.redhat.io/openshift4/ose-cli-rhel9@sha256:4f822262adc75bff1891bee0bab1611ae62dfb347f98fcf9aa2604129087eb2c workingDir: /var/workdir/source - script: | - #!/usr/bin/env bash - set -euo pipefail - - oc create -f snapshot.json + script: oc create -f snapshot.json diff --git a/.tekton/operator-bundle-pipeline.yaml b/.tekton/operator-bundle-pipeline.yaml index 3453b510d364c..6022ba9624bc9 100644 --- a/.tekton/operator-bundle-pipeline.yaml +++ b/.tekton/operator-bundle-pipeline.yaml @@ -2,6 +2,8 @@ apiVersion: tekton.dev/v1 kind: Pipeline metadata: name: operator-bundle-pipeline + annotations: + pipelinesascode.tekton.dev/task: [.tekton/wait-for-image-task.yaml, .tekton/create-snapshot-task.yaml] spec: finally: @@ -348,6 +350,7 @@ spec: value: "$(params.operator-image-build-repo):$(tasks.determine-operator-image-tag.results.IMAGE_TAG)" taskRef: name: wait-for-image + kind: task # This timeout must be the same as the pipeline timeout in `operator-build.yaml`. timeout: 1h10m @@ -357,6 +360,7 @@ spec: value: "$(params.main-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" taskRef: name: wait-for-image + kind: task # This timeout must be the same as the pipeline timeout in `main-build.yaml`. timeout: 2h40m @@ -366,6 +370,7 @@ spec: value: "$(params.scanner-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" taskRef: name: wait-for-image + kind: task # This timeout must be the same as the pipeline timeout in `scanner-retag.yaml` timeout: 40m @@ -375,6 +380,7 @@ spec: value: "$(params.scanner-db-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" taskRef: name: wait-for-image + kind: task # This timeout must be the same as the pipeline timeout in `scanner-db-retag.yaml` timeout: 40m @@ -384,6 +390,7 @@ spec: value: "$(params.scanner-slim-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" taskRef: name: wait-for-image + kind: task # This timeout must be the same as the pipeline timeout in `scanner-slim-retag.yaml` timeout: 40m @@ -393,6 +400,7 @@ spec: value: "$(params.scanner-db-slim-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" taskRef: name: wait-for-image + kind: task # This timeout must be the same as the pipeline timeout in `scanner-db-slim-retag.yaml` timeout: 40m @@ -402,6 +410,7 @@ spec: value: "$(params.scanner-v4-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" taskRef: name: wait-for-image + kind: task # This timeout must be the same as the pipeline timeout in `scanner-v4-build.yaml`. timeout: 1h10m @@ -411,6 +420,7 @@ spec: value: "$(params.scanner-v4-db-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" taskRef: name: wait-for-image + kind: task # This timeout must be the same as the pipeline timeout in `scanner-v4-db-build.yaml`. timeout: 1h10m @@ -420,6 +430,7 @@ spec: value: "$(params.collector-slim-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" taskRef: name: wait-for-image + kind: task # The timeout must be the same as the pipeline timeout in `collector-slim-retag.yaml` timeout: 40m @@ -437,6 +448,7 @@ spec: value: "$(params.roxctl-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" taskRef: name: wait-for-image + kind: task # This timeout must be the same as the pipeline timeout in `roxctl-build.yaml`. timeout: 1h10m @@ -446,6 +458,7 @@ spec: value: "$(params.central-db-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" taskRef: name: wait-for-image + kind: task # This timeout must be the same as the pipeline timeout in `central-db-build.yaml`. timeout: 1h40m @@ -700,7 +713,7 @@ spec: params: - name: SOURCE_ARTIFACT value: $(tasks.clone-repository.results.SOURCE_ARTIFACT) - - name: IMAGE_REFS + - name: COMPONENTS value: | [ { @@ -710,7 +723,8 @@ spec: "revision": "$(tasks.wait-for-collector-full-image.results.GIT_REF)" } ] - - name: MAIN_IMAGE_TAG + - name: PRODUCT_VERSION value: $(tasks.determine-main-image-tag.results.IMAGE_TAG) taskRef: name: create-snapshot + kind: task From ac4cc723ee0a302ebaf1a976d3c4d6875fd3cd9d Mon Sep 17 00:00:00 2001 From: Tom Martensen Date: Thu, 2 Jan 2025 11:44:40 +0100 Subject: [PATCH 72/92] explicitly reference the pipeline definitio --- .tekton/operator-bundle-build.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.tekton/operator-bundle-build.yaml b/.tekton/operator-bundle-build.yaml index 6a01a791758db..66546f8e38ee6 100644 --- a/.tekton/operator-bundle-build.yaml +++ b/.tekton/operator-bundle-build.yaml @@ -3,6 +3,7 @@ kind: PipelineRun metadata: annotations: + pipelinesascode.tekton.dev/pipeline: "./tekton/operator-bundle-pipeline.yaml" build.appstudio.openshift.io/repo: https://github.com/stackrox/stackrox?rev={{revision}} build.appstudio.redhat.com/commit_sha: '{{revision}}' build.appstudio.redhat.com/pull_request_number: '{{pull_request_number}}' From 408a92ed2e580e406f59ce7226f48ada54deba51 Mon Sep 17 00:00:00 2001 From: Tom Martensen Date: Thu, 2 Jan 2025 11:46:23 +0100 Subject: [PATCH 73/92] fix path --- .tekton/operator-bundle-build.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.tekton/operator-bundle-build.yaml b/.tekton/operator-bundle-build.yaml index 66546f8e38ee6..c653ab660bd37 100644 --- a/.tekton/operator-bundle-build.yaml +++ b/.tekton/operator-bundle-build.yaml @@ -3,7 +3,7 @@ kind: PipelineRun metadata: annotations: - pipelinesascode.tekton.dev/pipeline: "./tekton/operator-bundle-pipeline.yaml" + pipelinesascode.tekton.dev/pipeline: ".tekton/operator-bundle-pipeline.yaml" build.appstudio.openshift.io/repo: https://github.com/stackrox/stackrox?rev={{revision}} build.appstudio.redhat.com/commit_sha: '{{revision}}' build.appstudio.redhat.com/pull_request_number: '{{pull_request_number}}' From 185c25d32ac675ee2b03d03b2ef36453800df7a0 Mon Sep 17 00:00:00 2001 From: Tom Martensen Date: Thu, 2 Jan 2025 11:52:15 +0100 Subject: [PATCH 74/92] fix resolution --- .tekton/operator-bundle-pipeline.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.tekton/operator-bundle-pipeline.yaml b/.tekton/operator-bundle-pipeline.yaml index 6022ba9624bc9..f16d374c30552 100644 --- a/.tekton/operator-bundle-pipeline.yaml +++ b/.tekton/operator-bundle-pipeline.yaml @@ -3,7 +3,7 @@ kind: Pipeline metadata: name: operator-bundle-pipeline annotations: - pipelinesascode.tekton.dev/task: [.tekton/wait-for-image-task.yaml, .tekton/create-snapshot-task.yaml] + pipelinesascode.tekton.dev/task: "[.tekton/wait-for-image-task.yaml, .tekton/create-snapshot-task.yaml]" spec: finally: From f366fe7a693902f0617380caf9837c4b42a303c6 Mon Sep 17 00:00:00 2001 From: Tom Martensen Date: Thu, 2 Jan 2025 11:54:34 +0100 Subject: [PATCH 75/92] remove --- .tekton/operator-bundle-build.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/.tekton/operator-bundle-build.yaml b/.tekton/operator-bundle-build.yaml index c653ab660bd37..6a01a791758db 100644 --- a/.tekton/operator-bundle-build.yaml +++ b/.tekton/operator-bundle-build.yaml @@ -3,7 +3,6 @@ kind: PipelineRun metadata: annotations: - pipelinesascode.tekton.dev/pipeline: ".tekton/operator-bundle-pipeline.yaml" build.appstudio.openshift.io/repo: https://github.com/stackrox/stackrox?rev={{revision}} build.appstudio.redhat.com/commit_sha: '{{revision}}' build.appstudio.redhat.com/pull_request_number: '{{pull_request_number}}' From adceee4ae26a22de7fc9b209ffeb20adfc02a15a Mon Sep 17 00:00:00 2001 From: Tom Martensen Date: Thu, 2 Jan 2025 11:55:09 +0100 Subject: [PATCH 76/92] revert "remove" This reverts commit f366fe7a693902f0617380caf9837c4b42a303c6. --- .tekton/operator-bundle-build.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.tekton/operator-bundle-build.yaml b/.tekton/operator-bundle-build.yaml index 6a01a791758db..c653ab660bd37 100644 --- a/.tekton/operator-bundle-build.yaml +++ b/.tekton/operator-bundle-build.yaml @@ -3,6 +3,7 @@ kind: PipelineRun metadata: annotations: + pipelinesascode.tekton.dev/pipeline: ".tekton/operator-bundle-pipeline.yaml" build.appstudio.openshift.io/repo: https://github.com/stackrox/stackrox?rev={{revision}} build.appstudio.redhat.com/commit_sha: '{{revision}}' build.appstudio.redhat.com/pull_request_number: '{{pull_request_number}}' From 8a81a29e5807d01c7ef4ad81ac45234fc35f249d Mon Sep 17 00:00:00 2001 From: Tom Martensen Date: Thu, 2 Jan 2025 11:57:07 +0100 Subject: [PATCH 77/92] add a dot --- .tekton/operator-bundle-build.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.tekton/operator-bundle-build.yaml b/.tekton/operator-bundle-build.yaml index c653ab660bd37..85071c4bbf3e7 100644 --- a/.tekton/operator-bundle-build.yaml +++ b/.tekton/operator-bundle-build.yaml @@ -3,7 +3,7 @@ kind: PipelineRun metadata: annotations: - pipelinesascode.tekton.dev/pipeline: ".tekton/operator-bundle-pipeline.yaml" + pipelinesascode.tekton.dev/pipeline: "./.tekton/operator-bundle-pipeline.yaml" build.appstudio.openshift.io/repo: https://github.com/stackrox/stackrox?rev={{revision}} build.appstudio.redhat.com/commit_sha: '{{revision}}' build.appstudio.redhat.com/pull_request_number: '{{pull_request_number}}' From 8d08fbfbde08d439bcf3aaa892ed6663b7126b0f Mon Sep 17 00:00:00 2001 From: Tom Martensen Date: Thu, 2 Jan 2025 13:21:36 +0100 Subject: [PATCH 78/92] reorder functions in script --- .konflux/scripts/render_snapshot.py | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/.konflux/scripts/render_snapshot.py b/.konflux/scripts/render_snapshot.py index 6495fe8833684..0b3fd8221ded5 100755 --- a/.konflux/scripts/render_snapshot.py +++ b/.konflux/scripts/render_snapshot.py @@ -6,6 +6,18 @@ import re +def determine_product_version_suffix(application): + match = re.search(r"(?P-\d+-\d+$)", application) + if match: + return match.group("version") + return "" + + +def determine_snapshot_name(prefix, product_version): + timestamp = datetime.datetime.now(datetime.timezone.utc).strftime("%Y%m%dT%H%M%SZ") + return f"{prefix}{product_version}-{timestamp}".lower() + + def parse_image_refs(image_refs): return json.loads(image_refs) @@ -19,13 +31,6 @@ def validate_component(component): ), "Component must have component name, ref, revision and repository set." -def determine_product_version_suffix(application): - match = re.search(r"(?P-\d+-\d+$)", application) - if match: - return match.group("version") - return "" - - def process_component(component, product_version_suffix): validate_component(component) return { @@ -40,11 +45,6 @@ def process_component(component, product_version_suffix): } -def determine_snapshot_name(prefix, product_version): - timestamp = datetime.datetime.now(datetime.timezone.utc).strftime("%Y%m%dT%H%M%SZ") - return f"{prefix}{product_version}-{timestamp}".lower() - - def construct_snapshot( snapshot_name, pipeline_run_name, From 0a9859ab146689357def8e71661189591bdd22b6 Mon Sep 17 00:00:00 2001 From: Tom Martensen Date: Thu, 2 Jan 2025 13:51:54 +0100 Subject: [PATCH 79/92] fix taskref --- .tekton/operator-bundle-pipeline.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.tekton/operator-bundle-pipeline.yaml b/.tekton/operator-bundle-pipeline.yaml index f16d374c30552..b77e9c12d6641 100644 --- a/.tekton/operator-bundle-pipeline.yaml +++ b/.tekton/operator-bundle-pipeline.yaml @@ -438,7 +438,9 @@ spec: params: - name: IMAGE value: "$(params.collector-full-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" - taskRef: wait-for-image + taskRef: + name: wait-for-image + kind: task # The timeout must be the same as the pipeline timeout in `collector-full-retag.yaml` timeout: 40m From 930f1ece7377bd49e490d73ef84e8fbb7c4ba936 Mon Sep 17 00:00:00 2001 From: Tom Martensen Date: Thu, 2 Jan 2025 13:54:13 +0100 Subject: [PATCH 80/92] remove unnecessary annotations --- .tekton/operator-bundle-build.yaml | 1 - .tekton/operator-bundle-pipeline.yaml | 2 -- 2 files changed, 3 deletions(-) diff --git a/.tekton/operator-bundle-build.yaml b/.tekton/operator-bundle-build.yaml index 85071c4bbf3e7..6a01a791758db 100644 --- a/.tekton/operator-bundle-build.yaml +++ b/.tekton/operator-bundle-build.yaml @@ -3,7 +3,6 @@ kind: PipelineRun metadata: annotations: - pipelinesascode.tekton.dev/pipeline: "./.tekton/operator-bundle-pipeline.yaml" build.appstudio.openshift.io/repo: https://github.com/stackrox/stackrox?rev={{revision}} build.appstudio.redhat.com/commit_sha: '{{revision}}' build.appstudio.redhat.com/pull_request_number: '{{pull_request_number}}' diff --git a/.tekton/operator-bundle-pipeline.yaml b/.tekton/operator-bundle-pipeline.yaml index b77e9c12d6641..8f0ef99ffcd62 100644 --- a/.tekton/operator-bundle-pipeline.yaml +++ b/.tekton/operator-bundle-pipeline.yaml @@ -2,8 +2,6 @@ apiVersion: tekton.dev/v1 kind: Pipeline metadata: name: operator-bundle-pipeline - annotations: - pipelinesascode.tekton.dev/task: "[.tekton/wait-for-image-task.yaml, .tekton/create-snapshot-task.yaml]" spec: finally: From ebb19bc93ce12337762aedeb28516d7922df894a Mon Sep 17 00:00:00 2001 From: Tom Martensen Date: Thu, 2 Jan 2025 13:57:42 +0100 Subject: [PATCH 81/92] Fix pipeline and task definitions --- .konflux/scripts/render_snapshot.py | 4 +- .tekton/create-snapshot-task.yaml | 4 +- .tekton/operator-bundle-pipeline.yaml | 727 +++++++++++++------------- 3 files changed, 358 insertions(+), 377 deletions(-) diff --git a/.konflux/scripts/render_snapshot.py b/.konflux/scripts/render_snapshot.py index 0b3fd8221ded5..5788202af7f69 100755 --- a/.konflux/scripts/render_snapshot.py +++ b/.konflux/scripts/render_snapshot.py @@ -80,8 +80,8 @@ def write_snapshot(snapshot, results_path): application = os.environ["APPLICATION"] # 1 product_version_suffix = determine_product_version_suffix(application) snapshot_name = determine_snapshot_name(application, product_version_suffix) - image_refs = parse_image_refs(os.environ["IMAGE_REFS"]) # 2 - components = [process_component(c, product_version_suffix) for c in image_refs] + raw_components = parse_image_refs(os.environ["COMPONENTS"]) # 2 + components = [process_component(c, product_version_suffix) for c in raw_components] product_version = os.environ["PRODUCT_VERSION"] # 3 pipeline_run_name = os.environ["PIPELINE_RUN_NAME"] # 4 diff --git a/.tekton/create-snapshot-task.yaml b/.tekton/create-snapshot-task.yaml index 037d6051a01f0..b1d131ebc9ae2 100644 --- a/.tekton/create-snapshot-task.yaml +++ b/.tekton/create-snapshot-task.yaml @@ -50,8 +50,8 @@ spec: fieldRef: fieldPath: metadata.labels['tekton.dev/pipeline'] # TODO(when inline Python script): refactor below vars to args: attribute - - name: IMAGE_REFS - value: $(params.IMAGE_REFS) + - name: COMPONENTS + value: $(params.COMPONENTS) - name: PRODUCT_VERSION value: $(params.PRODUCT_VERSION) - name: SNAPSHOT_NAME_RESULT_PATH diff --git a/.tekton/operator-bundle-pipeline.yaml b/.tekton/operator-bundle-pipeline.yaml index 8f0ef99ffcd62..ad0a3d0850ce4 100644 --- a/.tekton/operator-bundle-pipeline.yaml +++ b/.tekton/operator-bundle-pipeline.yaml @@ -26,19 +26,19 @@ spec: value: task resolver: bundles - - name: show-sbom - params: - - name: IMAGE_URL - value: $(tasks.build-container.results.IMAGE_URL) - taskRef: - params: - - name: name - value: show-sbom - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1@sha256:945a7c9066d3e0a95d3fddb7e8a6992e4d632a2a75d8f3a9bd2ff2fef0ec9aa0 - - name: kind - value: task - resolver: bundles + # - name: show-sbom + # params: + # - name: IMAGE_URL + # value: $(tasks.build-container.results.IMAGE_URL) + # taskRef: + # params: + # - name: name + # value: show-sbom + # - name: bundle + # value: quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1@sha256:945a7c9066d3e0a95d3fddb7e8a6992e4d632a2a75d8f3a9bd2ff2fef0ec9aa0 + # - name: kind + # value: task + # resolver: bundles params: - description: Source Repository URL @@ -215,21 +215,21 @@ spec: default: "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8" results: - - description: "" - name: IMAGE_URL - value: $(tasks.build-container.results.IMAGE_URL) - - description: "" - name: IMAGE_DIGEST - value: $(tasks.build-container.results.IMAGE_DIGEST) - - description: "" - name: CHAINS-GIT_URL - value: $(tasks.clone-repository.results.url) - - description: "" - name: CHAINS-GIT_COMMIT - value: $(tasks.clone-repository.results.commit) - - description: "" - name: JAVA_COMMUNITY_DEPENDENCIES - value: $(tasks.build-container.results.JAVA_COMMUNITY_DEPENDENCIES) + # - description: "" + # name: IMAGE_URL + # value: $(tasks.build-container.results.IMAGE_URL) + # - description: "" + # name: IMAGE_DIGEST + # value: $(tasks.build-container.results.IMAGE_DIGEST) + # - description: "" + # name: CHAINS-GIT_URL + # value: $(tasks.clone-repository.results.url) + # - description: "" + # name: CHAINS-GIT_COMMIT + # value: $(tasks.clone-repository.results.commit) + # - description: "" + # name: JAVA_COMMUNITY_DEPENDENCIES + # value: $(tasks.build-container.results.JAVA_COMMUNITY_DEPENDENCIES) - description: "" name: SNAPSHOT_NAME value: $(tasks.create-acs-style-snapshot.results.SNAPSHOT_NAME) @@ -342,95 +342,95 @@ spec: - name: git-basic-auth workspace: git-auth - - name: wait-for-operator-image - params: - - name: IMAGE - value: "$(params.operator-image-build-repo):$(tasks.determine-operator-image-tag.results.IMAGE_TAG)" - taskRef: - name: wait-for-image - kind: task - # This timeout must be the same as the pipeline timeout in `operator-build.yaml`. - timeout: 1h10m - - - name: wait-for-main-image - params: - - name: IMAGE - value: "$(params.main-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" - taskRef: - name: wait-for-image - kind: task - # This timeout must be the same as the pipeline timeout in `main-build.yaml`. - timeout: 2h40m - - - name: wait-for-scanner-image - params: - - name: IMAGE - value: "$(params.scanner-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" - taskRef: - name: wait-for-image - kind: task - # This timeout must be the same as the pipeline timeout in `scanner-retag.yaml` - timeout: 40m - - - name: wait-for-scanner-db-image - params: - - name: IMAGE - value: "$(params.scanner-db-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" - taskRef: - name: wait-for-image - kind: task - # This timeout must be the same as the pipeline timeout in `scanner-db-retag.yaml` - timeout: 40m - - - name: wait-for-scanner-slim-image - params: - - name: IMAGE - value: "$(params.scanner-slim-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" - taskRef: - name: wait-for-image - kind: task - # This timeout must be the same as the pipeline timeout in `scanner-slim-retag.yaml` - timeout: 40m - - - name: wait-for-scanner-db-slim-image - params: - - name: IMAGE - value: "$(params.scanner-db-slim-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" - taskRef: - name: wait-for-image - kind: task - # This timeout must be the same as the pipeline timeout in `scanner-db-slim-retag.yaml` - timeout: 40m - - - name: wait-for-scanner-v4-image - params: - - name: IMAGE - value: "$(params.scanner-v4-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" - taskRef: - name: wait-for-image - kind: task - # This timeout must be the same as the pipeline timeout in `scanner-v4-build.yaml`. - timeout: 1h10m - - - name: wait-for-scanner-v4-db-image - params: - - name: IMAGE - value: "$(params.scanner-v4-db-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" - taskRef: - name: wait-for-image - kind: task - # This timeout must be the same as the pipeline timeout in `scanner-v4-db-build.yaml`. - timeout: 1h10m - - - name: wait-for-collector-slim-image - params: - - name: IMAGE - value: "$(params.collector-slim-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" - taskRef: - name: wait-for-image - kind: task - # The timeout must be the same as the pipeline timeout in `collector-slim-retag.yaml` - timeout: 40m + # - name: wait-for-operator-image + # params: + # - name: IMAGE + # value: "$(params.operator-image-build-repo):$(tasks.determine-operator-image-tag.results.IMAGE_TAG)" + # taskRef: + # name: wait-for-image + # kind: task + # # This timeout must be the same as the pipeline timeout in `operator-build.yaml`. + # timeout: 1h10m + + # - name: wait-for-main-image + # params: + # - name: IMAGE + # value: "$(params.main-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" + # taskRef: + # name: wait-for-image + # kind: task + # # This timeout must be the same as the pipeline timeout in `main-build.yaml`. + # timeout: 2h40m + + # - name: wait-for-scanner-image + # params: + # - name: IMAGE + # value: "$(params.scanner-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" + # taskRef: + # name: wait-for-image + # kind: task + # # This timeout must be the same as the pipeline timeout in `scanner-retag.yaml` + # timeout: 40m + + # - name: wait-for-scanner-db-image + # params: + # - name: IMAGE + # value: "$(params.scanner-db-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" + # taskRef: + # name: wait-for-image + # kind: task + # # This timeout must be the same as the pipeline timeout in `scanner-db-retag.yaml` + # timeout: 40m + + # - name: wait-for-scanner-slim-image + # params: + # - name: IMAGE + # value: "$(params.scanner-slim-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" + # taskRef: + # name: wait-for-image + # kind: task + # # This timeout must be the same as the pipeline timeout in `scanner-slim-retag.yaml` + # timeout: 40m + + # - name: wait-for-scanner-db-slim-image + # params: + # - name: IMAGE + # value: "$(params.scanner-db-slim-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" + # taskRef: + # name: wait-for-image + # kind: task + # # This timeout must be the same as the pipeline timeout in `scanner-db-slim-retag.yaml` + # timeout: 40m + + # - name: wait-for-scanner-v4-image + # params: + # - name: IMAGE + # value: "$(params.scanner-v4-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" + # taskRef: + # name: wait-for-image + # kind: task + # # This timeout must be the same as the pipeline timeout in `scanner-v4-build.yaml`. + # timeout: 1h10m + + # - name: wait-for-scanner-v4-db-image + # params: + # - name: IMAGE + # value: "$(params.scanner-v4-db-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" + # taskRef: + # name: wait-for-image + # kind: task + # # This timeout must be the same as the pipeline timeout in `scanner-v4-db-build.yaml`. + # timeout: 1h10m + + # - name: wait-for-collector-slim-image + # params: + # - name: IMAGE + # value: "$(params.collector-slim-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" + # taskRef: + # name: wait-for-image + # kind: task + # # The timeout must be the same as the pipeline timeout in `collector-slim-retag.yaml` + # timeout: 40m - name: wait-for-collector-full-image params: @@ -442,274 +442,255 @@ spec: # The timeout must be the same as the pipeline timeout in `collector-full-retag.yaml` timeout: 40m - - name: wait-for-roxctl-image - params: - - name: IMAGE - value: "$(params.roxctl-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" - taskRef: - name: wait-for-image - kind: task - # This timeout must be the same as the pipeline timeout in `roxctl-build.yaml`. - timeout: 1h10m - - - name: wait-for-central-db-image - params: - - name: IMAGE - value: "$(params.central-db-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" - taskRef: - name: wait-for-image - kind: task - # This timeout must be the same as the pipeline timeout in `central-db-build.yaml`. - timeout: 1h40m - - - name: build-container - params: - - name: IMAGE - # Note the operator bundle tag is prefixed with "v". - value: $(params.output-image-repo):v$(tasks.determine-operator-image-tag.results.IMAGE_TAG) - - name: DOCKERFILE - value: $(params.dockerfile) - - name: CONTEXT - value: $(params.path-context) - - name: HERMETIC - value: $(params.hermetic) - - name: PREFETCH_INPUT - value: $(params.prefetch-input) - - name: IMAGE_EXPIRES_AFTER - value: $(params.image-expires-after) - - name: COMMIT_SHA - value: $(tasks.clone-repository.results.commit) - - name: BUILD_ARGS - value: - - OPERATOR_IMAGE_TAG=$(tasks.determine-operator-image-tag.results.IMAGE_TAG) - - OPERATOR_IMAGE_REF=$(params.operator-image-catalog-repo)@$(tasks.wait-for-operator-image.results.IMAGE_DIGEST) - - RELATED_IMAGE_MAIN=$(params.main-image-catalog-repo)@$(tasks.wait-for-main-image.results.IMAGE_DIGEST) - - RELATED_IMAGE_SCANNER=$(params.scanner-image-catalog-repo)@$(tasks.wait-for-scanner-image.results.IMAGE_DIGEST) - - RELATED_IMAGE_SCANNER_DB=$(params.scanner-db-image-catalog-repo)@$(tasks.wait-for-scanner-db-image.results.IMAGE_DIGEST) - - RELATED_IMAGE_SCANNER_SLIM=$(params.scanner-slim-image-catalog-repo)@$(tasks.wait-for-scanner-slim-image.results.IMAGE_DIGEST) - - RELATED_IMAGE_SCANNER_DB_SLIM=$(params.scanner-db-slim-image-catalog-repo)@$(tasks.wait-for-scanner-db-slim-image.results.IMAGE_DIGEST) - - RELATED_IMAGE_SCANNER_V4=$(params.scanner-v4-image-catalog-repo)@$(tasks.wait-for-scanner-v4-image.results.IMAGE_DIGEST) - - RELATED_IMAGE_SCANNER_V4_DB=$(params.scanner-v4-db-image-catalog-repo)@$(tasks.wait-for-scanner-v4-db-image.results.IMAGE_DIGEST) - - RELATED_IMAGE_COLLECTOR_SLIM=$(params.collector-slim-image-catalog-repo)@$(tasks.wait-for-collector-slim-image.results.IMAGE_DIGEST) - - RELATED_IMAGE_COLLECTOR_FULL=$(params.collector-full-image-catalog-repo)@$(tasks.wait-for-collector-full-image.results.IMAGE_DIGEST) - - RELATED_IMAGE_ROXCTL=$(params.roxctl-image-catalog-repo)@$(tasks.wait-for-roxctl-image.results.IMAGE_DIGEST) - - RELATED_IMAGE_CENTRAL_DB=$(params.central-db-image-catalog-repo)@$(tasks.wait-for-central-db-image.results.IMAGE_DIGEST) - - name: SOURCE_ARTIFACT - value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - - name: CACHI2_ARTIFACT - value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) - taskRef: - params: - - name: name - value: buildah-oci-ta - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-buildah-oci-ta:0.2@sha256:ea5f13f235f98e9f0da599439f0b62b729901a5b6ad8d673daf3821f3f9cb66f - - name: kind - value: task - resolver: bundles - when: - - input: $(tasks.init.results.build) - operator: in - values: [ "true" ] - - - name: apply-tags - params: - - name: IMAGE - value: $(tasks.build-container.results.IMAGE_URL) - - name: ADDITIONAL_TAGS - value: - - konflux-$(params.revision) - taskRef: - params: - - name: name - value: apply-tags - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.1@sha256:87fd7fc0e937aad1a8db9b6e377d7e444f53394dafde512d68adbea6966a4702 - - name: kind - value: task - resolver: bundles - - - name: build-source-image - params: - - name: BINARY_IMAGE - value: $(tasks.build-container.results.IMAGE_URL) - - name: SOURCE_ARTIFACT - value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - - name: CACHI2_ARTIFACT - value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) - taskRef: - params: - - name: name - value: source-build-oci-ta - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.1@sha256:bd786bc1d33391bb169f98a1070d1a39e410b835f05fd0db0263754c65bd9bea - - name: kind - value: task - resolver: bundles - when: - - input: $(tasks.init.results.build) - operator: in - values: [ "true" ] - - input: $(params.build-source-image) - operator: in - values: [ "true" ] - - - name: deprecated-base-image-check - params: - - name: IMAGE_URL - value: $(tasks.build-container.results.IMAGE_URL) - - name: IMAGE_DIGEST - value: $(tasks.build-container.results.IMAGE_DIGEST) - taskRef: - params: - - name: name - value: deprecated-image-check - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.4@sha256:5a1a165fa02270f0a947d8a2131ee9d8be0b8e9d34123828c2bef589e504ee84 - - name: kind - value: task - resolver: bundles - when: - - input: $(params.skip-checks) - operator: in - values: [ "false" ] - - - name: clair-scan - params: - - name: image-digest - value: $(tasks.build-container.results.IMAGE_DIGEST) - - name: image-url - value: $(tasks.build-container.results.IMAGE_URL) - taskRef: - params: - - name: name - value: clair-scan - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.2@sha256:0a5421111e7092740398691d5bd7c125cc0896f29531d19414bb5724ae41692a - - name: kind - value: task - resolver: bundles - when: - - input: $(params.skip-checks) - operator: in - values: [ "false" ] - - - name: sast-snyk-check - params: - - name: SOURCE_ARTIFACT - value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - - name: CACHI2_ARTIFACT - value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) - - name: image-digest - value: $(tasks.build-container.results.IMAGE_DIGEST) - - name: image-url - value: $(tasks.build-container.results.IMAGE_URL) - taskRef: - params: - - name: name - value: sast-snyk-check-oci-ta - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.3@sha256:65a213322ea7c64159e37071d369d74b6378b23403150e29537865cada90f022 - - name: kind - value: task - resolver: bundles - when: - - input: $(params.skip-checks) - operator: in - values: [ "false" ] - - - name: clamav-scan - params: - - name: image-digest - value: $(tasks.build-container.results.IMAGE_DIGEST) - - name: image-url - value: $(tasks.build-container.results.IMAGE_URL) - taskRef: - params: - - name: name - value: clamav-scan - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.1@sha256:b4f450f1447b166da671f1d5819ab5a1485083e5c27ab91f7d8b7a2ff994c8c2 - - name: kind - value: task - resolver: bundles - when: - - input: $(params.skip-checks) - operator: in - values: [ "false" ] - - - name: rpms-signature-scan - params: - - name: image-digest - value: $(tasks.build-container.results.IMAGE_DIGEST) - - name: image-url - value: $(tasks.build-container.results.IMAGE_URL) - taskRef: - params: - - name: name - value: rpms-signature-scan - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:28aaf87d61078a0aeeeabcae455eda7d05c4f9b81d8995bdcf3dde95c1a7a77b - - name: kind - value: task - resolver: bundles - when: - - input: $(params.skip-checks) - operator: in - values: ["false"] - - - name: push-dockerfile - params: - - name: IMAGE - value: $(tasks.build-container.results.IMAGE_URL) - - name: IMAGE_DIGEST - value: $(tasks.build-container.results.IMAGE_DIGEST) - - name: DOCKERFILE - value: $(params.dockerfile) - - name: CONTEXT - value: $(params.path-context) - - name: SOURCE_ARTIFACT - value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - taskRef: - params: - - name: name - value: push-dockerfile-oci-ta - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.1@sha256:80d48a1b9d2707490309941ec9f79338533938f959ca9a207b481b0e8a5e7a93 - - name: kind - value: task - resolver: bundles + # - name: wait-for-roxctl-image + # params: + # - name: IMAGE + # value: "$(params.roxctl-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" + # taskRef: + # name: wait-for-image + # kind: task + # # This timeout must be the same as the pipeline timeout in `roxctl-build.yaml`. + # timeout: 1h10m + + # - name: wait-for-central-db-image + # params: + # - name: IMAGE + # value: "$(params.central-db-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" + # taskRef: + # name: wait-for-image + # kind: task + # # This timeout must be the same as the pipeline timeout in `central-db-build.yaml`. + # timeout: 1h40m + + # - name: build-container + # params: + # - name: IMAGE + # # Note the operator bundle tag is prefixed with "v". + # value: $(params.output-image-repo):v$(tasks.determine-operator-image-tag.results.IMAGE_TAG) + # - name: DOCKERFILE + # value: $(params.dockerfile) + # - name: CONTEXT + # value: $(params.path-context) + # - name: HERMETIC + # value: $(params.hermetic) + # - name: PREFETCH_INPUT + # value: $(params.prefetch-input) + # - name: IMAGE_EXPIRES_AFTER + # value: $(params.image-expires-after) + # - name: COMMIT_SHA + # value: $(tasks.clone-repository.results.commit) + # - name: BUILD_ARGS + # value: + # - OPERATOR_IMAGE_TAG=$(tasks.determine-operator-image-tag.results.IMAGE_TAG) + # - OPERATOR_IMAGE_REF=$(params.operator-image-catalog-repo)@$(tasks.wait-for-operator-image.results.IMAGE_DIGEST) + # - RELATED_IMAGE_MAIN=$(params.main-image-catalog-repo)@$(tasks.wait-for-main-image.results.IMAGE_DIGEST) + # - RELATED_IMAGE_SCANNER=$(params.scanner-image-catalog-repo)@$(tasks.wait-for-scanner-image.results.IMAGE_DIGEST) + # - RELATED_IMAGE_SCANNER_DB=$(params.scanner-db-image-catalog-repo)@$(tasks.wait-for-scanner-db-image.results.IMAGE_DIGEST) + # - RELATED_IMAGE_SCANNER_SLIM=$(params.scanner-slim-image-catalog-repo)@$(tasks.wait-for-scanner-slim-image.results.IMAGE_DIGEST) + # - RELATED_IMAGE_SCANNER_DB_SLIM=$(params.scanner-db-slim-image-catalog-repo)@$(tasks.wait-for-scanner-db-slim-image.results.IMAGE_DIGEST) + # - RELATED_IMAGE_SCANNER_V4=$(params.scanner-v4-image-catalog-repo)@$(tasks.wait-for-scanner-v4-image.results.IMAGE_DIGEST) + # - RELATED_IMAGE_SCANNER_V4_DB=$(params.scanner-v4-db-image-catalog-repo)@$(tasks.wait-for-scanner-v4-db-image.results.IMAGE_DIGEST) + # - RELATED_IMAGE_COLLECTOR_SLIM=$(params.collector-slim-image-catalog-repo)@$(tasks.wait-for-collector-slim-image.results.IMAGE_DIGEST) + # - RELATED_IMAGE_COLLECTOR_FULL=$(params.collector-full-image-catalog-repo)@$(tasks.wait-for-collector-full-image.results.IMAGE_DIGEST) + # - RELATED_IMAGE_ROXCTL=$(params.roxctl-image-catalog-repo)@$(tasks.wait-for-roxctl-image.results.IMAGE_DIGEST) + # - RELATED_IMAGE_CENTRAL_DB=$(params.central-db-image-catalog-repo)@$(tasks.wait-for-central-db-image.results.IMAGE_DIGEST) + # - name: SOURCE_ARTIFACT + # value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + # - name: CACHI2_ARTIFACT + # value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) + # taskRef: + # params: + # - name: name + # value: buildah-oci-ta + # - name: bundle + # value: quay.io/konflux-ci/tekton-catalog/task-buildah-oci-ta:0.2@sha256:ea5f13f235f98e9f0da599439f0b62b729901a5b6ad8d673daf3821f3f9cb66f + # - name: kind + # value: task + # resolver: bundles + # when: + # - input: $(tasks.init.results.build) + # operator: in + # values: [ "true" ] + + # - name: apply-tags + # params: + # - name: IMAGE + # value: $(tasks.build-container.results.IMAGE_URL) + # - name: ADDITIONAL_TAGS + # value: + # - konflux-$(params.revision) + # taskRef: + # params: + # - name: name + # value: apply-tags + # - name: bundle + # value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.1@sha256:87fd7fc0e937aad1a8db9b6e377d7e444f53394dafde512d68adbea6966a4702 + # - name: kind + # value: task + # resolver: bundles + + # - name: build-source-image + # params: + # - name: BINARY_IMAGE + # value: $(tasks.build-container.results.IMAGE_URL) + # - name: SOURCE_ARTIFACT + # value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + # - name: CACHI2_ARTIFACT + # value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) + # taskRef: + # params: + # - name: name + # value: source-build-oci-ta + # - name: bundle + # value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.1@sha256:bd786bc1d33391bb169f98a1070d1a39e410b835f05fd0db0263754c65bd9bea + # - name: kind + # value: task + # resolver: bundles + # when: + # - input: $(tasks.init.results.build) + # operator: in + # values: [ "true" ] + # - input: $(params.build-source-image) + # operator: in + # values: [ "true" ] + + # - name: deprecated-base-image-check + # params: + # - name: IMAGE_URL + # value: $(tasks.build-container.results.IMAGE_URL) + # - name: IMAGE_DIGEST + # value: $(tasks.build-container.results.IMAGE_DIGEST) + # taskRef: + # params: + # - name: name + # value: deprecated-image-check + # - name: bundle + # value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.4@sha256:5a1a165fa02270f0a947d8a2131ee9d8be0b8e9d34123828c2bef589e504ee84 + # - name: kind + # value: task + # resolver: bundles + # when: + # - input: $(params.skip-checks) + # operator: in + # values: [ "false" ] + + # - name: clair-scan + # params: + # - name: image-digest + # value: $(tasks.build-container.results.IMAGE_DIGEST) + # - name: image-url + # value: $(tasks.build-container.results.IMAGE_URL) + # taskRef: + # params: + # - name: name + # value: clair-scan + # - name: bundle + # value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.2@sha256:0a5421111e7092740398691d5bd7c125cc0896f29531d19414bb5724ae41692a + # - name: kind + # value: task + # resolver: bundles + # when: + # - input: $(params.skip-checks) + # operator: in + # values: [ "false" ] + + # - name: sast-snyk-check + # params: + # - name: SOURCE_ARTIFACT + # value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + # - name: CACHI2_ARTIFACT + # value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) + # - name: image-digest + # value: $(tasks.build-container.results.IMAGE_DIGEST) + # - name: image-url + # value: $(tasks.build-container.results.IMAGE_URL) + # taskRef: + # params: + # - name: name + # value: sast-snyk-check-oci-ta + # - name: bundle + # value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.3@sha256:65a213322ea7c64159e37071d369d74b6378b23403150e29537865cada90f022 + # - name: kind + # value: task + # resolver: bundles + # when: + # - input: $(params.skip-checks) + # operator: in + # values: [ "false" ] + + # - name: clamav-scan + # params: + # - name: image-digest + # value: $(tasks.build-container.results.IMAGE_DIGEST) + # - name: image-url + # value: $(tasks.build-container.results.IMAGE_URL) + # taskRef: + # params: + # - name: name + # value: clamav-scan + # - name: bundle + # value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.1@sha256:b4f450f1447b166da671f1d5819ab5a1485083e5c27ab91f7d8b7a2ff994c8c2 + # - name: kind + # value: task + # resolver: bundles + # when: + # - input: $(params.skip-checks) + # operator: in + # values: [ "false" ] + + # - name: rpms-signature-scan + # params: + # - name: image-digest + # value: $(tasks.build-container.results.IMAGE_DIGEST) + # - name: image-url + # value: $(tasks.build-container.results.IMAGE_URL) + # taskRef: + # params: + # - name: name + # value: rpms-signature-scan + # - name: bundle + # value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:28aaf87d61078a0aeeeabcae455eda7d05c4f9b81d8995bdcf3dde95c1a7a77b + # - name: kind + # value: task + # resolver: bundles + # when: + # - input: $(params.skip-checks) + # operator: in + # values: ["false"] + + # - name: push-dockerfile + # params: + # - name: IMAGE + # value: $(tasks.build-container.results.IMAGE_URL) + # - name: IMAGE_DIGEST + # value: $(tasks.build-container.results.IMAGE_DIGEST) + # - name: DOCKERFILE + # value: $(params.dockerfile) + # - name: CONTEXT + # value: $(params.path-context) + # - name: SOURCE_ARTIFACT + # value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + # taskRef: + # params: + # - name: name + # value: push-dockerfile-oci-ta + # - name: bundle + # value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.1@sha256:80d48a1b9d2707490309941ec9f79338533938f959ca9a207b481b0e8a5e7a93 + # - name: kind + # value: task + # resolver: bundles - name: create-acs-style-snapshot # Explicitly running after all other tasks to ensure that # - there are no failures that should prevent a release of the operator-bundle image (missing RPMs signatures, deprecated base images, ...) # - the source image is present as it is required by EC runAfter: - - apply-tags - - build-container - - build-source-image - - clair-scan - - clamav-scan - clone-repository - - deprecated-base-image-check - determine-main-image-tag - determine-operator-image-tag - init - prefetch-dependencies - - push-dockerfile - - rpms-signature-scan - - sast-snyk-check - wait-for-collector-full-image - - wait-for-collector-slim-image - - wait-for-main-image - - wait-for-operator-image - - wait-for-roxctl-image - - wait-for-scanner-db-image - - wait-for-scanner-db-slim-image - - wait-for-scanner-image - - wait-for-scanner-slim-image - - wait-for-scanner-v4-db-image - - wait-for-scanner-v4-image params: - name: SOURCE_ARTIFACT value: $(tasks.clone-repository.results.SOURCE_ARTIFACT) From 86db3928650b2b62ffe07b8d31c5618dbb9a1b2c Mon Sep 17 00:00:00 2001 From: Tom Martensen Date: Thu, 2 Jan 2025 14:25:39 +0100 Subject: [PATCH 82/92] clean up --- .tekton/wait-for-image-task.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.tekton/wait-for-image-task.yaml b/.tekton/wait-for-image-task.yaml index b956f32cca3f0..d3fd1b350ba0f 100644 --- a/.tekton/wait-for-image-task.yaml +++ b/.tekton/wait-for-image-task.yaml @@ -34,11 +34,11 @@ spec: echo "Image $(params.IMAGE) found." - raw_info=( "$(skopeo inspect \ + raw_info="$(skopeo inspect \ --retry-times 10 \ --format '{{.Digest}} {{ index .Labels "vcs-ref" }} {{ index .Labels "source-location" }}' \ --no-tags \ - "docker://$(params.IMAGE)")" ) + "docker://$(params.IMAGE)")" # Turning raw_info into an array for easier handling. infos=( $raw_info ) From be2211baecca415bbb840e7b51beeb1aef7c2d1e Mon Sep 17 00:00:00 2001 From: Tom Martensen Date: Thu, 2 Jan 2025 15:30:38 +0100 Subject: [PATCH 83/92] reorder environment variables --- .konflux/scripts/render_snapshot.py | 18 ++++++------- .tekton/create-snapshot-task.yaml | 39 +++++++++++++---------------- 2 files changed, 27 insertions(+), 30 deletions(-) diff --git a/.konflux/scripts/render_snapshot.py b/.konflux/scripts/render_snapshot.py index 5788202af7f69..f10d0b6d8b498 100755 --- a/.konflux/scripts/render_snapshot.py +++ b/.konflux/scripts/render_snapshot.py @@ -18,8 +18,8 @@ def determine_snapshot_name(prefix, product_version): return f"{prefix}{product_version}-{timestamp}".lower() -def parse_image_refs(image_refs): - return json.loads(image_refs) +def parse_components_input(raw_input): + return json.loads(raw_input) def validate_component(component): @@ -77,16 +77,17 @@ def write_snapshot(snapshot, results_path): if __name__ == '__main__': - application = os.environ["APPLICATION"] # 1 + application = os.environ["APPLICATION"] + raw_components = parse_components_input(os.environ["COMPONENTS"]) + namespace = os.environ["NAMESPACE"] + pipeline_run_name = os.environ["PIPELINE_RUN_NAME"] + product_version = os.environ["PRODUCT_VERSION"] + snapshot_name_result_path = os.environ["SNAPSHOT_NAME_RESULT_PATH"] + product_version_suffix = determine_product_version_suffix(application) snapshot_name = determine_snapshot_name(application, product_version_suffix) - raw_components = parse_image_refs(os.environ["COMPONENTS"]) # 2 components = [process_component(c, product_version_suffix) for c in raw_components] - product_version = os.environ["PRODUCT_VERSION"] # 3 - pipeline_run_name = os.environ["PIPELINE_RUN_NAME"] # 4 - namespace = os.environ["NAMESPACE"] # 5 - snapshot = construct_snapshot( snapshot_name=snapshot_name, pipeline_run_name=pipeline_run_name, @@ -95,6 +96,5 @@ def write_snapshot(snapshot, results_path): components=components ) - snapshot_name_result_path = os.environ["SNAPSHOT_NAME_RESULT_PATH"] write_snapshot(snapshot, snapshot_name_result_path) print("Rendered snapshot written to workspace.") diff --git a/.tekton/create-snapshot-task.yaml b/.tekton/create-snapshot-task.yaml index b1d131ebc9ae2..696a37a06e6af 100644 --- a/.tekton/create-snapshot-task.yaml +++ b/.tekton/create-snapshot-task.yaml @@ -35,27 +35,24 @@ spec: image: registry.access.redhat.com/ubi9:latest@sha256:1057dab827c782abcfb9bda0c3900c0966b5066e671d54976a7bcb3a2d1a5e53 workingDir: /var/workdir/source env: - # These values must be provided as environment variables. - # They cannot be provided as arguments to the Python script. - - name: APPLICATION - valueFrom: - fieldRef: - fieldPath: metadata.labels['appstudio.openshift.io/application'] - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: PIPELINE_RUN_NAME - valueFrom: - fieldRef: - fieldPath: metadata.labels['tekton.dev/pipeline'] - # TODO(when inline Python script): refactor below vars to args: attribute - - name: COMPONENTS - value: $(params.COMPONENTS) - - name: PRODUCT_VERSION - value: $(params.PRODUCT_VERSION) - - name: SNAPSHOT_NAME_RESULT_PATH - value: $(results.SNAPSHOT_NAME.path) + - name: APPLICATION + valueFrom: + fieldRef: + fieldPath: metadata.labels['appstudio.openshift.io/application'] + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: PIPELINE_RUN_NAME + valueFrom: + fieldRef: + fieldPath: metadata.labels['tekton.dev/pipeline'] + - name: COMPONENTS + value: $(params.COMPONENTS) + - name: PRODUCT_VERSION + value: $(params.PRODUCT_VERSION) + - name: SNAPSHOT_NAME_RESULT_PATH + value: $(results.SNAPSHOT_NAME.path) script: .konflux/scripts/render_snapshot.py - name: create-snapshot From adda63c5aa163566d5e5db9a6fddfc6ca03bda0e Mon Sep 17 00:00:00 2001 From: Tom Martensen Date: Fri, 3 Jan 2025 10:11:33 +0100 Subject: [PATCH 84/92] Apply suggestions from code review Co-authored-by: Misha Sugakov <537715+msugakov@users.noreply.github.com> --- .github/workflows/style.yaml | 2 +- .konflux/scripts/render_snapshot.py | 3 ++- .tekton/create-snapshot-task.yaml | 2 +- .tekton/wait-for-image-task.yaml | 4 ++-- scripts/ci/jobs/check-konflux-pipelines.sh | 2 +- 5 files changed, 7 insertions(+), 6 deletions(-) diff --git a/.github/workflows/style.yaml b/.github/workflows/style.yaml index 4c2940356717b..af0ce30af241f 100644 --- a/.github/workflows/style.yaml +++ b/.github/workflows/style.yaml @@ -75,7 +75,7 @@ jobs: - name: Check Policies run: scripts/ci/jobs/policy-checks.sh - - name: Check Konflux pipeline modifications + - name: Check Konflux pipelines run: scripts/ci/jobs/check-konflux-pipelines.sh style-check: diff --git a/.konflux/scripts/render_snapshot.py b/.konflux/scripts/render_snapshot.py index f10d0b6d8b498..a54f8b4e49a14 100755 --- a/.konflux/scripts/render_snapshot.py +++ b/.konflux/scripts/render_snapshot.py @@ -14,6 +14,7 @@ def determine_product_version_suffix(application): def determine_snapshot_name(prefix, product_version): + # The timestamp is added to the Snapshot name so that we can differentiate Snapshots from rebuilds of the same commit or tag. timestamp = datetime.datetime.now(datetime.timezone.utc).strftime("%Y%m%dT%H%M%SZ") return f"{prefix}{product_version}-{timestamp}".lower() @@ -28,7 +29,7 @@ def validate_component(component): and component["containerImage"] != "" and component["revision"] != "" and component["repository"] != "" - ), "Component must have component name, ref, revision and repository set." + ), "Component must have component name, containerImage, revision and repository set." def process_component(component, product_version_suffix): diff --git a/.tekton/create-snapshot-task.yaml b/.tekton/create-snapshot-task.yaml index 696a37a06e6af..f679cd707a2f9 100644 --- a/.tekton/create-snapshot-task.yaml +++ b/.tekton/create-snapshot-task.yaml @@ -46,7 +46,7 @@ spec: - name: PIPELINE_RUN_NAME valueFrom: fieldRef: - fieldPath: metadata.labels['tekton.dev/pipeline'] + fieldPath: metadata.labels['tekton.dev/pipelineRun'] - name: COMPONENTS value: $(params.COMPONENTS) - name: PRODUCT_VERSION diff --git a/.tekton/wait-for-image-task.yaml b/.tekton/wait-for-image-task.yaml index d3fd1b350ba0f..98a1ed7d07fcd 100644 --- a/.tekton/wait-for-image-task.yaml +++ b/.tekton/wait-for-image-task.yaml @@ -11,9 +11,9 @@ spec: type: string results: - name: GIT_REF - description: Git commit for the image's source code if provided as `vcs-ref` image label. + description: Git commit for the image's source code from `vcs-ref` image label. - name: GIT_REPO - description: Git repository URL for the image's source code if provided as `source-location` image label. + description: Git repository URL for the image's source code from `source-location` image label. - name: IMAGE_DIGEST description: Image digest in the format `sha256:abcdef0123`. steps: diff --git a/scripts/ci/jobs/check-konflux-pipelines.sh b/scripts/ci/jobs/check-konflux-pipelines.sh index ae4ae652c419d..489ef5135cdf3 100755 --- a/scripts/ci/jobs/check-konflux-pipelines.sh +++ b/scripts/ci/jobs/check-konflux-pipelines.sh @@ -9,7 +9,7 @@ ensure_create_snapshot_runs_last() { expected_runafter="$(yq eval '.spec.tasks[] | select(.name != "create-acs-style-snapshot") | .name' .tekton/operator-bundle-pipeline.yaml | sort)" actual_runafter="$(yq eval '.spec.tasks[] | select(.name == "create-acs-style-snapshot") | .runAfter[]' .tekton/operator-bundle-pipeline.yaml)" - echo "➤ .tekton/operator-bundle-pipeline.yaml // create-acs-style-snapshot: task's runAfter contents shall match the expected ones (left - expected, right - actual)." + echo "➤ .tekton/operator-bundle-pipeline.yaml // checking create-acs-style-snapshot: task's runAfter contents shall match the expected ones (left - expected, right - actual)." if ! diff --side-by-side <(echo "${expected_runafter}") <(echo "${actual_runafter}"); then echo >&2 -e """ ✗ ERROR: From 0ca028a6d42cab7618b7b9811ec15570a4b9fcca Mon Sep 17 00:00:00 2001 From: Tom Martensen Date: Fri, 3 Jan 2025 10:32:15 +0100 Subject: [PATCH 85/92] apply remaining review suggestions --- .konflux/scripts/render_snapshot.py | 38 +++++++++++----------- .tekton/create-snapshot-task.yaml | 4 +-- .tekton/wait-for-image-task.yaml | 2 +- scripts/ci/jobs/check-konflux-pipelines.sh | 10 +++--- 4 files changed, 28 insertions(+), 26 deletions(-) diff --git a/.konflux/scripts/render_snapshot.py b/.konflux/scripts/render_snapshot.py index a54f8b4e49a14..de27f8fac244e 100755 --- a/.konflux/scripts/render_snapshot.py +++ b/.konflux/scripts/render_snapshot.py @@ -6,7 +6,11 @@ import re -def determine_product_version_suffix(application): +def parse_components_input(raw_input): + return json.loads(raw_input) + + +def determine_resource_version_suffix(application): match = re.search(r"(?P-\d+-\d+$)", application) if match: return match.group("version") @@ -19,24 +23,11 @@ def determine_snapshot_name(prefix, product_version): return f"{prefix}{product_version}-{timestamp}".lower() -def parse_components_input(raw_input): - return json.loads(raw_input) - - -def validate_component(component): - assert ( - component["name"] != "" - and component["containerImage"] != "" - and component["revision"] != "" - and component["repository"] != "" - ), "Component must have component name, containerImage, revision and repository set." - - -def process_component(component, product_version_suffix): +def process_component(component, resource_version_suffix): validate_component(component) return { "containerImage": component["containerImage"], - "name": f"{component['name']}{product_version_suffix}", + "name": f"{component['name']}{resource_version_suffix}", "source": { "git": { "revision": component["revision"], @@ -46,6 +37,15 @@ def process_component(component, product_version_suffix): } +def validate_component(component): + assert ( + component["name"] != "" + and component["containerImage"] != "" + and component["revision"] != "" + and component["repository"] != "" + ), "Component must have component name, containerImage, revision and repository set." + + def construct_snapshot( snapshot_name, pipeline_run_name, @@ -85,9 +85,9 @@ def write_snapshot(snapshot, results_path): product_version = os.environ["PRODUCT_VERSION"] snapshot_name_result_path = os.environ["SNAPSHOT_NAME_RESULT_PATH"] - product_version_suffix = determine_product_version_suffix(application) - snapshot_name = determine_snapshot_name(application, product_version_suffix) - components = [process_component(c, product_version_suffix) for c in raw_components] + resource_version_suffix = determine_resource_version_suffix(application) + snapshot_name = determine_snapshot_name(application, resource_version_suffix) + components = [process_component(c, resource_version_suffix) for c in raw_components] snapshot = construct_snapshot( snapshot_name=snapshot_name, diff --git a/.tekton/create-snapshot-task.yaml b/.tekton/create-snapshot-task.yaml index f679cd707a2f9..d4c2787677f98 100644 --- a/.tekton/create-snapshot-task.yaml +++ b/.tekton/create-snapshot-task.yaml @@ -39,6 +39,8 @@ spec: valueFrom: fieldRef: fieldPath: metadata.labels['appstudio.openshift.io/application'] + - name: COMPONENTS + value: $(params.COMPONENTS) - name: NAMESPACE valueFrom: fieldRef: @@ -47,8 +49,6 @@ spec: valueFrom: fieldRef: fieldPath: metadata.labels['tekton.dev/pipelineRun'] - - name: COMPONENTS - value: $(params.COMPONENTS) - name: PRODUCT_VERSION value: $(params.PRODUCT_VERSION) - name: SNAPSHOT_NAME_RESULT_PATH diff --git a/.tekton/wait-for-image-task.yaml b/.tekton/wait-for-image-task.yaml index 98a1ed7d07fcd..90f9f5f7b103c 100644 --- a/.tekton/wait-for-image-task.yaml +++ b/.tekton/wait-for-image-task.yaml @@ -42,7 +42,7 @@ spec: # Turning raw_info into an array for easier handling. infos=( $raw_info ) - if [ ${#infos[@]} -ne 3 ]; then + if [[ "${#infos[@]}" -ne 3 ]]; then echo "ERROR: Not all required information was found. Verify that the 'vcs-ref' and 'source-location' labels are set on the image $(params.IMAGE)." exit 1 fi diff --git a/scripts/ci/jobs/check-konflux-pipelines.sh b/scripts/ci/jobs/check-konflux-pipelines.sh index 489ef5135cdf3..73edc86516ff1 100755 --- a/scripts/ci/jobs/check-konflux-pipelines.sh +++ b/scripts/ci/jobs/check-konflux-pipelines.sh @@ -6,10 +6,12 @@ set -euo pipefail ensure_create_snapshot_runs_last() { - expected_runafter="$(yq eval '.spec.tasks[] | select(.name != "create-acs-style-snapshot") | .name' .tekton/operator-bundle-pipeline.yaml | sort)" - actual_runafter="$(yq eval '.spec.tasks[] | select(.name == "create-acs-style-snapshot") | .runAfter[]' .tekton/operator-bundle-pipeline.yaml)" + local pipeline_path=".tekton/operator-bundle-pipeline.yaml" + local task_name="create-acs-style-snapshot" + expected_runafter="$(yq eval '.spec.tasks[] | select(.name != '\"${task_name}\"') | .name' "${pipeline_path}" | sort)" + actual_runafter="$(yq eval '.spec.tasks[] | select(.name == '\"${task_name}\"') | .runAfter[]' "${pipeline_path}")" - echo "➤ .tekton/operator-bundle-pipeline.yaml // checking create-acs-style-snapshot: task's runAfter contents shall match the expected ones (left - expected, right - actual)." + echo "➤ ${pipeline_path} // checking create-acs-style-snapshot: task's runAfter contents shall match the expected ones (left - expected, right - actual)." if ! diff --side-by-side <(echo "${expected_runafter}") <(echo "${actual_runafter}"); then echo >&2 -e """ ✗ ERROR: @@ -17,7 +19,7 @@ ensure_create_snapshot_runs_last() { The actual runAfter contents do not match the expectations. To resolve: -1. Open .tekton/operator-bundle-pipeline.yaml and locate the create-acs-style-snapshot task +1. Open ${pipeline_path} and locate the ${task_name} task 2. Update the runAfter attribute of this task to this list of all previous tasks in the pipeline (sorted alphabetically): ${expected_runafter} From 14136836bd0884e6bdccf61d83e55a93474fc37d Mon Sep 17 00:00:00 2001 From: Tom Martensen Date: Mon, 6 Jan 2025 09:06:29 +0100 Subject: [PATCH 86/92] use updated wait-for-image task and refactor script into task (inline) --- .konflux/scripts/render_snapshot.py | 101 ----------------------- .tekton/create-snapshot-task.yaml | 111 ++++++++++++++++++++++++-- .tekton/operator-bundle-pipeline.yaml | 62 +++++++------- 3 files changed, 130 insertions(+), 144 deletions(-) delete mode 100755 .konflux/scripts/render_snapshot.py diff --git a/.konflux/scripts/render_snapshot.py b/.konflux/scripts/render_snapshot.py deleted file mode 100755 index de27f8fac244e..0000000000000 --- a/.konflux/scripts/render_snapshot.py +++ /dev/null @@ -1,101 +0,0 @@ -#!/usr/bin/env python3 - -import datetime -import json -import os -import re - - -def parse_components_input(raw_input): - return json.loads(raw_input) - - -def determine_resource_version_suffix(application): - match = re.search(r"(?P-\d+-\d+$)", application) - if match: - return match.group("version") - return "" - - -def determine_snapshot_name(prefix, product_version): - # The timestamp is added to the Snapshot name so that we can differentiate Snapshots from rebuilds of the same commit or tag. - timestamp = datetime.datetime.now(datetime.timezone.utc).strftime("%Y%m%dT%H%M%SZ") - return f"{prefix}{product_version}-{timestamp}".lower() - - -def process_component(component, resource_version_suffix): - validate_component(component) - return { - "containerImage": component["containerImage"], - "name": f"{component['name']}{resource_version_suffix}", - "source": { - "git": { - "revision": component["revision"], - "url": component["repository"] - } - } - } - - -def validate_component(component): - assert ( - component["name"] != "" - and component["containerImage"] != "" - and component["revision"] != "" - and component["repository"] != "" - ), "Component must have component name, containerImage, revision and repository set." - - -def construct_snapshot( - snapshot_name, - pipeline_run_name, - namespace, - application, - components -): - return { - "apiVersion": "appstudio.redhat.com/v1alpha1", - "kind": "Snapshot", - "metadata": { - "name": snapshot_name, - "namespace": namespace, - "labels": { - "appstudio.openshift.io/build-pipelinerun": pipeline_run_name - } - }, - "spec": { - "application": application, - "components": components - } - } - - -def write_snapshot(snapshot, results_path): - with open("snapshot.json", "w") as f: - json.dump(snapshot, f) - with open(results_path, "w", newline="") as f: - f.write(snapshot["metadata"]["name"]) - - -if __name__ == '__main__': - application = os.environ["APPLICATION"] - raw_components = parse_components_input(os.environ["COMPONENTS"]) - namespace = os.environ["NAMESPACE"] - pipeline_run_name = os.environ["PIPELINE_RUN_NAME"] - product_version = os.environ["PRODUCT_VERSION"] - snapshot_name_result_path = os.environ["SNAPSHOT_NAME_RESULT_PATH"] - - resource_version_suffix = determine_resource_version_suffix(application) - snapshot_name = determine_snapshot_name(application, resource_version_suffix) - components = [process_component(c, resource_version_suffix) for c in raw_components] - - snapshot = construct_snapshot( - snapshot_name=snapshot_name, - pipeline_run_name=pipeline_run_name, - namespace=namespace, - application=application, - components=components - ) - - write_snapshot(snapshot, snapshot_name_result_path) - print("Rendered snapshot written to workspace.") diff --git a/.tekton/create-snapshot-task.yaml b/.tekton/create-snapshot-task.yaml index d4c2787677f98..9abbdac9618d2 100644 --- a/.tekton/create-snapshot-task.yaml +++ b/.tekton/create-snapshot-task.yaml @@ -25,15 +25,10 @@ spec: volumeMounts: - mountPath: /var/workdir name: workdir + workingDir: /var/workdir steps: - - name: use-trusted-artifact - image: quay.io/redhat-appstudio/build-trusted-artifacts:latest@sha256:81c4864dae6bb11595f657be887e205262e70086a05ed16ada827fd6391926ac - args: - - use - - $(params.SOURCE_ARTIFACT)=/var/workdir/source - name: render-snapshot image: registry.access.redhat.com/ubi9:latest@sha256:1057dab827c782abcfb9bda0c3900c0966b5066e671d54976a7bcb3a2d1a5e53 - workingDir: /var/workdir/source env: - name: APPLICATION valueFrom: @@ -53,9 +48,109 @@ spec: value: $(params.PRODUCT_VERSION) - name: SNAPSHOT_NAME_RESULT_PATH value: $(results.SNAPSHOT_NAME.path) - script: .konflux/scripts/render_snapshot.py + script: | + #!/usr/bin/env python3 + + import datetime + import json + import os + import re + + + def parse_components_input(raw_input): + return json.loads(raw_input) + + + def determine_resource_version_suffix(application): + match = re.search(r"(?P-\d+-\d+$)", application) + if match: + return match.group("version") + return "" + + + def determine_snapshot_name(prefix, product_version): + # The timestamp is added to the Snapshot name so that we can differentiate Snapshots from rebuilds of the same commit or tag. + timestamp = datetime.datetime.now(datetime.timezone.utc).strftime("%Y%m%dT%H%M%SZ") + return f"{prefix}{product_version}-{timestamp}".lower() + + + def process_component(component, resource_version_suffix): + validate_component(component) + return { + "containerImage": component["containerImage"], + "name": f"{component['name']}{resource_version_suffix}", + "source": { + "git": { + "revision": component["revision"], + "url": component["repository"] + } + } + } + + + def validate_component(component): + assert ( + component["name"] != "" + and component["containerImage"] != "" + and component["revision"] != "" + and component["repository"] != "" + ), "Component must have component name, containerImage, revision and repository set." + + + def construct_snapshot( + snapshot_name, + pipeline_run_name, + namespace, + application, + components + ): + return { + "apiVersion": "appstudio.redhat.com/v1alpha1", + "kind": "Snapshot", + "metadata": { + "name": snapshot_name, + "namespace": namespace, + "labels": { + "appstudio.openshift.io/build-pipelinerun": pipeline_run_name + } + }, + "spec": { + "application": application, + "components": components + } + } + + + def write_snapshot(snapshot, results_path): + with open("snapshot.json", "w") as f: + json.dump(snapshot, f) + with open(results_path, "w", newline="") as f: + f.write(snapshot["metadata"]["name"]) + + + if __name__ == '__main__': + application = os.environ["APPLICATION"] + raw_components = parse_components_input(os.environ["COMPONENTS"]) + namespace = os.environ["NAMESPACE"] + pipeline_run_name = os.environ["PIPELINE_RUN_NAME"] + product_version = os.environ["PRODUCT_VERSION"] + snapshot_name_result_path = os.environ["SNAPSHOT_NAME_RESULT_PATH"] + + resource_version_suffix = determine_resource_version_suffix(application) + snapshot_name = determine_snapshot_name(application, resource_version_suffix) + components = [process_component(c, resource_version_suffix) for c in raw_components] + + snapshot = construct_snapshot( + snapshot_name=snapshot_name, + pipeline_run_name=pipeline_run_name, + namespace=namespace, + application=application, + components=components + ) + + write_snapshot(snapshot, snapshot_name_result_path) + print("Rendered snapshot written to workspace.") - name: create-snapshot image: registry.redhat.io/openshift4/ose-cli-rhel9@sha256:4f822262adc75bff1891bee0bab1611ae62dfb347f98fcf9aa2604129087eb2c - workingDir: /var/workdir/source script: oc create -f snapshot.json diff --git a/.tekton/operator-bundle-pipeline.yaml b/.tekton/operator-bundle-pipeline.yaml index ad0a3d0850ce4..36c2161b43a67 100644 --- a/.tekton/operator-bundle-pipeline.yaml +++ b/.tekton/operator-bundle-pipeline.yaml @@ -346,9 +346,15 @@ spec: # params: # - name: IMAGE # value: "$(params.operator-image-build-repo):$(tasks.determine-operator-image-tag.results.IMAGE_TAG)" - # taskRef: - # name: wait-for-image - # kind: task + # taskRef: &wait-for-image-ref + # params: + # - name: name + # value: wait-for-image + # - name: bundle + # value: quay.io/rhacs-eng/konflux-tasks:pr-22@sha256:82317f070ce657c79c2c01e39f39606cd1ce558224952f8b196a5116b1dd7d1e + # - name: kind + # value: task + # resolver: bundles # # This timeout must be the same as the pipeline timeout in `operator-build.yaml`. # timeout: 1h10m @@ -356,9 +362,7 @@ spec: # params: # - name: IMAGE # value: "$(params.main-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" - # taskRef: - # name: wait-for-image - # kind: task + # taskRef: *wait-for-image-ref # # This timeout must be the same as the pipeline timeout in `main-build.yaml`. # timeout: 2h40m @@ -366,9 +370,7 @@ spec: # params: # - name: IMAGE # value: "$(params.scanner-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" - # taskRef: - # name: wait-for-image - # kind: task + # taskRef: *wait-for-image-ref # # This timeout must be the same as the pipeline timeout in `scanner-retag.yaml` # timeout: 40m @@ -376,9 +378,7 @@ spec: # params: # - name: IMAGE # value: "$(params.scanner-db-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" - # taskRef: - # name: wait-for-image - # kind: task + # taskRef: *wait-for-image-ref # # This timeout must be the same as the pipeline timeout in `scanner-db-retag.yaml` # timeout: 40m @@ -386,9 +386,7 @@ spec: # params: # - name: IMAGE # value: "$(params.scanner-slim-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" - # taskRef: - # name: wait-for-image - # kind: task + # taskRef: *wait-for-image-ref # # This timeout must be the same as the pipeline timeout in `scanner-slim-retag.yaml` # timeout: 40m @@ -396,9 +394,7 @@ spec: # params: # - name: IMAGE # value: "$(params.scanner-db-slim-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" - # taskRef: - # name: wait-for-image - # kind: task + # taskRef: *wait-for-image-ref # # This timeout must be the same as the pipeline timeout in `scanner-db-slim-retag.yaml` # timeout: 40m @@ -406,9 +402,7 @@ spec: # params: # - name: IMAGE # value: "$(params.scanner-v4-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" - # taskRef: - # name: wait-for-image - # kind: task + # taskRef: *wait-for-image-ref # # This timeout must be the same as the pipeline timeout in `scanner-v4-build.yaml`. # timeout: 1h10m @@ -416,9 +410,7 @@ spec: # params: # - name: IMAGE # value: "$(params.scanner-v4-db-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" - # taskRef: - # name: wait-for-image - # kind: task + # taskRef: *wait-for-image-ref # # This timeout must be the same as the pipeline timeout in `scanner-v4-db-build.yaml`. # timeout: 1h10m @@ -426,9 +418,7 @@ spec: # params: # - name: IMAGE # value: "$(params.collector-slim-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" - # taskRef: - # name: wait-for-image - # kind: task + # taskRef: *wait-for-image-ref # # The timeout must be the same as the pipeline timeout in `collector-slim-retag.yaml` # timeout: 40m @@ -437,8 +427,14 @@ spec: - name: IMAGE value: "$(params.collector-full-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" taskRef: - name: wait-for-image - kind: task + params: + - name: name + value: wait-for-image + - name: bundle + value: quay.io/rhacs-eng/konflux-tasks:pr-22@sha256:82317f070ce657c79c2c01e39f39606cd1ce558224952f8b196a5116b1dd7d1e + - name: kind + value: task + resolver: bundles # The timeout must be the same as the pipeline timeout in `collector-full-retag.yaml` timeout: 40m @@ -446,9 +442,7 @@ spec: # params: # - name: IMAGE # value: "$(params.roxctl-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" - # taskRef: - # name: wait-for-image - # kind: task + # taskRef: *wait-for-image-ref # # This timeout must be the same as the pipeline timeout in `roxctl-build.yaml`. # timeout: 1h10m @@ -456,9 +450,7 @@ spec: # params: # - name: IMAGE # value: "$(params.central-db-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" - # taskRef: - # name: wait-for-image - # kind: task + # taskRef: *wait-for-image-ref # # This timeout must be the same as the pipeline timeout in `central-db-build.yaml`. # timeout: 1h40m From a514e626f9f3127803f5bac2505f780dde5fec19 Mon Sep 17 00:00:00 2001 From: Tom Martensen Date: Mon, 6 Jan 2025 09:07:12 +0100 Subject: [PATCH 87/92] remove wait-for-image task --- .tekton/wait-for-image-task.yaml | 52 -------------------------------- 1 file changed, 52 deletions(-) delete mode 100644 .tekton/wait-for-image-task.yaml diff --git a/.tekton/wait-for-image-task.yaml b/.tekton/wait-for-image-task.yaml deleted file mode 100644 index 90f9f5f7b103c..0000000000000 --- a/.tekton/wait-for-image-task.yaml +++ /dev/null @@ -1,52 +0,0 @@ -apiVersion: tekton.dev/v1 -kind: Task -metadata: - name: wait-for-image - namespace: rh-acs-tenant -spec: - description: Waits until the specified image is found and returns its digest. - params: - - name: IMAGE - description: Image reference. - type: string - results: - - name: GIT_REF - description: Git commit for the image's source code from `vcs-ref` image label. - - name: GIT_REPO - description: Git repository URL for the image's source code from `source-location` image label. - - name: IMAGE_DIGEST - description: Image digest in the format `sha256:abcdef0123`. - steps: - - name: wait-for-image - image: registry.access.redhat.com/ubi9/skopeo@sha256:f9f5916c4c1c988250b72ce8cc07355bede5c3bc78a082340be53457dfb16922 - script: | - #!/usr/bin/env bash - - set -euo pipefail - - echo "Waiting for image $(params.IMAGE) to become available..." - while true; do - if skopeo inspect --raw "docker://$(params.IMAGE)"; then - break - fi - sleep 1m - done - - echo "Image $(params.IMAGE) found." - - raw_info="$(skopeo inspect \ - --retry-times 10 \ - --format '{{.Digest}} {{ index .Labels "vcs-ref" }} {{ index .Labels "source-location" }}' \ - --no-tags \ - "docker://$(params.IMAGE)")" - - # Turning raw_info into an array for easier handling. - infos=( $raw_info ) - if [[ "${#infos[@]}" -ne 3 ]]; then - echo "ERROR: Not all required information was found. Verify that the 'vcs-ref' and 'source-location' labels are set on the image $(params.IMAGE)." - exit 1 - fi - - echo -n "${infos[0]}" | tee "$(results.IMAGE_DIGEST.path)" - echo -n "${infos[1]}" | tee "$(results.GIT_REF.path)" - echo -n "${infos[2]}" | tee "$(results.GIT_REPO.path)" From d4e468d8b60c16905b8f9ad3ed3fbd691d254a8e Mon Sep 17 00:00:00 2001 From: Tom Martensen Date: Mon, 6 Jan 2025 09:19:38 +0100 Subject: [PATCH 88/92] move create-snapshot task to konflux-tasks repository --- .tekton/create-snapshot-task.yaml | 156 -------------------------- .tekton/operator-bundle-pipeline.yaml | 14 ++- 2 files changed, 10 insertions(+), 160 deletions(-) delete mode 100644 .tekton/create-snapshot-task.yaml diff --git a/.tekton/create-snapshot-task.yaml b/.tekton/create-snapshot-task.yaml deleted file mode 100644 index 9abbdac9618d2..0000000000000 --- a/.tekton/create-snapshot-task.yaml +++ /dev/null @@ -1,156 +0,0 @@ -apiVersion: tekton.dev/v1 -kind: Task -metadata: - name: create-snapshot - namespace: rh-acs-tenant -spec: - description: Creates a snapshot based on the component names, image refs and Git information passed to the task. - params: - - name: SOURCE_ARTIFACT - description: The Trusted Artifact URI pointing to the application source code. - type: string - - name: COMPONENTS - description: A stringified JSON array with information about components with name, container image ref, git repo and git revision for each. - type: string - - name: PRODUCT_VERSION - description: Product version to record as part of the Snapshot's name to be able to identify snapshots more easily. Pass here the result from determine-image-tag for the main image. - type: string - results: - - name: SNAPSHOT_NAME - description: Name of the snapshot created by this task. - volumes: - - name: workdir - emptyDir: { } - stepTemplate: - volumeMounts: - - mountPath: /var/workdir - name: workdir - workingDir: /var/workdir - steps: - - name: render-snapshot - image: registry.access.redhat.com/ubi9:latest@sha256:1057dab827c782abcfb9bda0c3900c0966b5066e671d54976a7bcb3a2d1a5e53 - env: - - name: APPLICATION - valueFrom: - fieldRef: - fieldPath: metadata.labels['appstudio.openshift.io/application'] - - name: COMPONENTS - value: $(params.COMPONENTS) - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: PIPELINE_RUN_NAME - valueFrom: - fieldRef: - fieldPath: metadata.labels['tekton.dev/pipelineRun'] - - name: PRODUCT_VERSION - value: $(params.PRODUCT_VERSION) - - name: SNAPSHOT_NAME_RESULT_PATH - value: $(results.SNAPSHOT_NAME.path) - script: | - #!/usr/bin/env python3 - - import datetime - import json - import os - import re - - - def parse_components_input(raw_input): - return json.loads(raw_input) - - - def determine_resource_version_suffix(application): - match = re.search(r"(?P-\d+-\d+$)", application) - if match: - return match.group("version") - return "" - - - def determine_snapshot_name(prefix, product_version): - # The timestamp is added to the Snapshot name so that we can differentiate Snapshots from rebuilds of the same commit or tag. - timestamp = datetime.datetime.now(datetime.timezone.utc).strftime("%Y%m%dT%H%M%SZ") - return f"{prefix}{product_version}-{timestamp}".lower() - - - def process_component(component, resource_version_suffix): - validate_component(component) - return { - "containerImage": component["containerImage"], - "name": f"{component['name']}{resource_version_suffix}", - "source": { - "git": { - "revision": component["revision"], - "url": component["repository"] - } - } - } - - - def validate_component(component): - assert ( - component["name"] != "" - and component["containerImage"] != "" - and component["revision"] != "" - and component["repository"] != "" - ), "Component must have component name, containerImage, revision and repository set." - - - def construct_snapshot( - snapshot_name, - pipeline_run_name, - namespace, - application, - components - ): - return { - "apiVersion": "appstudio.redhat.com/v1alpha1", - "kind": "Snapshot", - "metadata": { - "name": snapshot_name, - "namespace": namespace, - "labels": { - "appstudio.openshift.io/build-pipelinerun": pipeline_run_name - } - }, - "spec": { - "application": application, - "components": components - } - } - - - def write_snapshot(snapshot, results_path): - with open("snapshot.json", "w") as f: - json.dump(snapshot, f) - with open(results_path, "w", newline="") as f: - f.write(snapshot["metadata"]["name"]) - - - if __name__ == '__main__': - application = os.environ["APPLICATION"] - raw_components = parse_components_input(os.environ["COMPONENTS"]) - namespace = os.environ["NAMESPACE"] - pipeline_run_name = os.environ["PIPELINE_RUN_NAME"] - product_version = os.environ["PRODUCT_VERSION"] - snapshot_name_result_path = os.environ["SNAPSHOT_NAME_RESULT_PATH"] - - resource_version_suffix = determine_resource_version_suffix(application) - snapshot_name = determine_snapshot_name(application, resource_version_suffix) - components = [process_component(c, resource_version_suffix) for c in raw_components] - - snapshot = construct_snapshot( - snapshot_name=snapshot_name, - pipeline_run_name=pipeline_run_name, - namespace=namespace, - application=application, - components=components - ) - - write_snapshot(snapshot, snapshot_name_result_path) - print("Rendered snapshot written to workspace.") - - - name: create-snapshot - image: registry.redhat.io/openshift4/ose-cli-rhel9@sha256:4f822262adc75bff1891bee0bab1611ae62dfb347f98fcf9aa2604129087eb2c - script: oc create -f snapshot.json diff --git a/.tekton/operator-bundle-pipeline.yaml b/.tekton/operator-bundle-pipeline.yaml index 36c2161b43a67..a37d044760799 100644 --- a/.tekton/operator-bundle-pipeline.yaml +++ b/.tekton/operator-bundle-pipeline.yaml @@ -351,7 +351,7 @@ spec: # - name: name # value: wait-for-image # - name: bundle - # value: quay.io/rhacs-eng/konflux-tasks:pr-22@sha256:82317f070ce657c79c2c01e39f39606cd1ce558224952f8b196a5116b1dd7d1e + # value: quay.io/rhacs-eng/konflux-tasks:pr-22@sha256:e0cc2312fe3691442fd3e9dfa55a14b6a1490f8db98debac51dd2a054f2c274a # - name: kind # value: task # resolver: bundles @@ -431,7 +431,7 @@ spec: - name: name value: wait-for-image - name: bundle - value: quay.io/rhacs-eng/konflux-tasks:pr-22@sha256:82317f070ce657c79c2c01e39f39606cd1ce558224952f8b196a5116b1dd7d1e + value: quay.io/rhacs-eng/konflux-tasks:pr-22@sha256:e0cc2312fe3691442fd3e9dfa55a14b6a1490f8db98debac51dd2a054f2c274a - name: kind value: task resolver: bundles @@ -699,5 +699,11 @@ spec: - name: PRODUCT_VERSION value: $(tasks.determine-main-image-tag.results.IMAGE_TAG) taskRef: - name: create-snapshot - kind: task + params: + - name: name + value: create-snapshot + - name: bundle + value: quay.io/rhacs-eng/konflux-tasks:pr-22@sha256:e0cc2312fe3691442fd3e9dfa55a14b6a1490f8db98debac51dd2a054f2c274a + - name: kind + value: task + resolver: bundles From c71d2008b732d9f4d7f3527ef36113f8c4965670 Mon Sep 17 00:00:00 2001 From: Tom Martensen Date: Mon, 6 Jan 2025 09:41:07 +0100 Subject: [PATCH 89/92] run full operator-bundle pipeline and snapshot --- .tekton/operator-bundle-pipeline.yaml | 772 ++++++++++++++------------ 1 file changed, 428 insertions(+), 344 deletions(-) diff --git a/.tekton/operator-bundle-pipeline.yaml b/.tekton/operator-bundle-pipeline.yaml index a37d044760799..8a7795ddf409e 100644 --- a/.tekton/operator-bundle-pipeline.yaml +++ b/.tekton/operator-bundle-pipeline.yaml @@ -26,19 +26,19 @@ spec: value: task resolver: bundles - # - name: show-sbom - # params: - # - name: IMAGE_URL - # value: $(tasks.build-container.results.IMAGE_URL) - # taskRef: - # params: - # - name: name - # value: show-sbom - # - name: bundle - # value: quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1@sha256:945a7c9066d3e0a95d3fddb7e8a6992e4d632a2a75d8f3a9bd2ff2fef0ec9aa0 - # - name: kind - # value: task - # resolver: bundles + - name: show-sbom + params: + - name: IMAGE_URL + value: $(tasks.build-container.results.IMAGE_URL) + taskRef: + params: + - name: name + value: show-sbom + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1@sha256:945a7c9066d3e0a95d3fddb7e8a6992e4d632a2a75d8f3a9bd2ff2fef0ec9aa0 + - name: kind + value: task + resolver: bundles params: - description: Source Repository URL @@ -215,21 +215,21 @@ spec: default: "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8" results: - # - description: "" - # name: IMAGE_URL - # value: $(tasks.build-container.results.IMAGE_URL) - # - description: "" - # name: IMAGE_DIGEST - # value: $(tasks.build-container.results.IMAGE_DIGEST) - # - description: "" - # name: CHAINS-GIT_URL - # value: $(tasks.clone-repository.results.url) - # - description: "" - # name: CHAINS-GIT_COMMIT - # value: $(tasks.clone-repository.results.commit) - # - description: "" - # name: JAVA_COMMUNITY_DEPENDENCIES - # value: $(tasks.build-container.results.JAVA_COMMUNITY_DEPENDENCIES) + - description: "" + name: IMAGE_URL + value: $(tasks.build-container.results.IMAGE_URL) + - description: "" + name: IMAGE_DIGEST + value: $(tasks.build-container.results.IMAGE_DIGEST) + - description: "" + name: CHAINS-GIT_URL + value: $(tasks.clone-repository.results.url) + - description: "" + name: CHAINS-GIT_COMMIT + value: $(tasks.clone-repository.results.commit) + - description: "" + name: JAVA_COMMUNITY_DEPENDENCIES + value: $(tasks.build-container.results.JAVA_COMMUNITY_DEPENDENCIES) - description: "" name: SNAPSHOT_NAME value: $(tasks.create-acs-style-snapshot.results.SNAPSHOT_NAME) @@ -342,91 +342,11 @@ spec: - name: git-basic-auth workspace: git-auth - # - name: wait-for-operator-image - # params: - # - name: IMAGE - # value: "$(params.operator-image-build-repo):$(tasks.determine-operator-image-tag.results.IMAGE_TAG)" - # taskRef: &wait-for-image-ref - # params: - # - name: name - # value: wait-for-image - # - name: bundle - # value: quay.io/rhacs-eng/konflux-tasks:pr-22@sha256:e0cc2312fe3691442fd3e9dfa55a14b6a1490f8db98debac51dd2a054f2c274a - # - name: kind - # value: task - # resolver: bundles - # # This timeout must be the same as the pipeline timeout in `operator-build.yaml`. - # timeout: 1h10m - - # - name: wait-for-main-image - # params: - # - name: IMAGE - # value: "$(params.main-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" - # taskRef: *wait-for-image-ref - # # This timeout must be the same as the pipeline timeout in `main-build.yaml`. - # timeout: 2h40m - - # - name: wait-for-scanner-image - # params: - # - name: IMAGE - # value: "$(params.scanner-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" - # taskRef: *wait-for-image-ref - # # This timeout must be the same as the pipeline timeout in `scanner-retag.yaml` - # timeout: 40m - - # - name: wait-for-scanner-db-image - # params: - # - name: IMAGE - # value: "$(params.scanner-db-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" - # taskRef: *wait-for-image-ref - # # This timeout must be the same as the pipeline timeout in `scanner-db-retag.yaml` - # timeout: 40m - - # - name: wait-for-scanner-slim-image - # params: - # - name: IMAGE - # value: "$(params.scanner-slim-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" - # taskRef: *wait-for-image-ref - # # This timeout must be the same as the pipeline timeout in `scanner-slim-retag.yaml` - # timeout: 40m - - # - name: wait-for-scanner-db-slim-image - # params: - # - name: IMAGE - # value: "$(params.scanner-db-slim-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" - # taskRef: *wait-for-image-ref - # # This timeout must be the same as the pipeline timeout in `scanner-db-slim-retag.yaml` - # timeout: 40m - - # - name: wait-for-scanner-v4-image - # params: - # - name: IMAGE - # value: "$(params.scanner-v4-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" - # taskRef: *wait-for-image-ref - # # This timeout must be the same as the pipeline timeout in `scanner-v4-build.yaml`. - # timeout: 1h10m - - # - name: wait-for-scanner-v4-db-image - # params: - # - name: IMAGE - # value: "$(params.scanner-v4-db-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" - # taskRef: *wait-for-image-ref - # # This timeout must be the same as the pipeline timeout in `scanner-v4-db-build.yaml`. - # timeout: 1h10m - - # - name: wait-for-collector-slim-image - # params: - # - name: IMAGE - # value: "$(params.collector-slim-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" - # taskRef: *wait-for-image-ref - # # The timeout must be the same as the pipeline timeout in `collector-slim-retag.yaml` - # timeout: 40m - - - name: wait-for-collector-full-image + - name: wait-for-operator-image params: - name: IMAGE - value: "$(params.collector-full-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" - taskRef: + value: "$(params.operator-image-build-repo):$(tasks.determine-operator-image-tag.results.IMAGE_TAG)" + taskRef: &wait-for-image-ref params: - name: name value: wait-for-image @@ -435,265 +355,429 @@ spec: - name: kind value: task resolver: bundles + # This timeout must be the same as the pipeline timeout in `operator-build.yaml`. + timeout: 1h10m + + - name: wait-for-main-image + params: + - name: IMAGE + value: "$(params.main-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" + taskRef: *wait-for-image-ref + # This timeout must be the same as the pipeline timeout in `main-build.yaml`. + timeout: 2h40m + + - name: wait-for-scanner-image + params: + - name: IMAGE + value: "$(params.scanner-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" + taskRef: *wait-for-image-ref + # This timeout must be the same as the pipeline timeout in `scanner-retag.yaml` + timeout: 40m + + - name: wait-for-scanner-db-image + params: + - name: IMAGE + value: "$(params.scanner-db-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" + taskRef: *wait-for-image-ref + # This timeout must be the same as the pipeline timeout in `scanner-db-retag.yaml` + timeout: 40m + + - name: wait-for-scanner-slim-image + params: + - name: IMAGE + value: "$(params.scanner-slim-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" + taskRef: *wait-for-image-ref + # This timeout must be the same as the pipeline timeout in `scanner-slim-retag.yaml` + timeout: 40m + + - name: wait-for-scanner-db-slim-image + params: + - name: IMAGE + value: "$(params.scanner-db-slim-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" + taskRef: *wait-for-image-ref + # This timeout must be the same as the pipeline timeout in `scanner-db-slim-retag.yaml` + timeout: 40m + + - name: wait-for-scanner-v4-image + params: + - name: IMAGE + value: "$(params.scanner-v4-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" + taskRef: *wait-for-image-ref + # This timeout must be the same as the pipeline timeout in `scanner-v4-build.yaml`. + timeout: 1h10m + + - name: wait-for-scanner-v4-db-image + params: + - name: IMAGE + value: "$(params.scanner-v4-db-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" + taskRef: *wait-for-image-ref + # This timeout must be the same as the pipeline timeout in `scanner-v4-db-build.yaml`. + timeout: 1h10m + + - name: wait-for-collector-slim-image + params: + - name: IMAGE + value: "$(params.collector-slim-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" + taskRef: *wait-for-image-ref + # The timeout must be the same as the pipeline timeout in `collector-slim-retag.yaml` + timeout: 40m + + - name: wait-for-collector-full-image + params: + - name: IMAGE + value: "$(params.collector-full-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" + taskRef: *wait-for-image-ref # The timeout must be the same as the pipeline timeout in `collector-full-retag.yaml` timeout: 40m - # - name: wait-for-roxctl-image - # params: - # - name: IMAGE - # value: "$(params.roxctl-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" - # taskRef: *wait-for-image-ref - # # This timeout must be the same as the pipeline timeout in `roxctl-build.yaml`. - # timeout: 1h10m - - # - name: wait-for-central-db-image - # params: - # - name: IMAGE - # value: "$(params.central-db-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" - # taskRef: *wait-for-image-ref - # # This timeout must be the same as the pipeline timeout in `central-db-build.yaml`. - # timeout: 1h40m - - # - name: build-container - # params: - # - name: IMAGE - # # Note the operator bundle tag is prefixed with "v". - # value: $(params.output-image-repo):v$(tasks.determine-operator-image-tag.results.IMAGE_TAG) - # - name: DOCKERFILE - # value: $(params.dockerfile) - # - name: CONTEXT - # value: $(params.path-context) - # - name: HERMETIC - # value: $(params.hermetic) - # - name: PREFETCH_INPUT - # value: $(params.prefetch-input) - # - name: IMAGE_EXPIRES_AFTER - # value: $(params.image-expires-after) - # - name: COMMIT_SHA - # value: $(tasks.clone-repository.results.commit) - # - name: BUILD_ARGS - # value: - # - OPERATOR_IMAGE_TAG=$(tasks.determine-operator-image-tag.results.IMAGE_TAG) - # - OPERATOR_IMAGE_REF=$(params.operator-image-catalog-repo)@$(tasks.wait-for-operator-image.results.IMAGE_DIGEST) - # - RELATED_IMAGE_MAIN=$(params.main-image-catalog-repo)@$(tasks.wait-for-main-image.results.IMAGE_DIGEST) - # - RELATED_IMAGE_SCANNER=$(params.scanner-image-catalog-repo)@$(tasks.wait-for-scanner-image.results.IMAGE_DIGEST) - # - RELATED_IMAGE_SCANNER_DB=$(params.scanner-db-image-catalog-repo)@$(tasks.wait-for-scanner-db-image.results.IMAGE_DIGEST) - # - RELATED_IMAGE_SCANNER_SLIM=$(params.scanner-slim-image-catalog-repo)@$(tasks.wait-for-scanner-slim-image.results.IMAGE_DIGEST) - # - RELATED_IMAGE_SCANNER_DB_SLIM=$(params.scanner-db-slim-image-catalog-repo)@$(tasks.wait-for-scanner-db-slim-image.results.IMAGE_DIGEST) - # - RELATED_IMAGE_SCANNER_V4=$(params.scanner-v4-image-catalog-repo)@$(tasks.wait-for-scanner-v4-image.results.IMAGE_DIGEST) - # - RELATED_IMAGE_SCANNER_V4_DB=$(params.scanner-v4-db-image-catalog-repo)@$(tasks.wait-for-scanner-v4-db-image.results.IMAGE_DIGEST) - # - RELATED_IMAGE_COLLECTOR_SLIM=$(params.collector-slim-image-catalog-repo)@$(tasks.wait-for-collector-slim-image.results.IMAGE_DIGEST) - # - RELATED_IMAGE_COLLECTOR_FULL=$(params.collector-full-image-catalog-repo)@$(tasks.wait-for-collector-full-image.results.IMAGE_DIGEST) - # - RELATED_IMAGE_ROXCTL=$(params.roxctl-image-catalog-repo)@$(tasks.wait-for-roxctl-image.results.IMAGE_DIGEST) - # - RELATED_IMAGE_CENTRAL_DB=$(params.central-db-image-catalog-repo)@$(tasks.wait-for-central-db-image.results.IMAGE_DIGEST) - # - name: SOURCE_ARTIFACT - # value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - # - name: CACHI2_ARTIFACT - # value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) - # taskRef: - # params: - # - name: name - # value: buildah-oci-ta - # - name: bundle - # value: quay.io/konflux-ci/tekton-catalog/task-buildah-oci-ta:0.2@sha256:ea5f13f235f98e9f0da599439f0b62b729901a5b6ad8d673daf3821f3f9cb66f - # - name: kind - # value: task - # resolver: bundles - # when: - # - input: $(tasks.init.results.build) - # operator: in - # values: [ "true" ] - - # - name: apply-tags - # params: - # - name: IMAGE - # value: $(tasks.build-container.results.IMAGE_URL) - # - name: ADDITIONAL_TAGS - # value: - # - konflux-$(params.revision) - # taskRef: - # params: - # - name: name - # value: apply-tags - # - name: bundle - # value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.1@sha256:87fd7fc0e937aad1a8db9b6e377d7e444f53394dafde512d68adbea6966a4702 - # - name: kind - # value: task - # resolver: bundles - - # - name: build-source-image - # params: - # - name: BINARY_IMAGE - # value: $(tasks.build-container.results.IMAGE_URL) - # - name: SOURCE_ARTIFACT - # value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - # - name: CACHI2_ARTIFACT - # value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) - # taskRef: - # params: - # - name: name - # value: source-build-oci-ta - # - name: bundle - # value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.1@sha256:bd786bc1d33391bb169f98a1070d1a39e410b835f05fd0db0263754c65bd9bea - # - name: kind - # value: task - # resolver: bundles - # when: - # - input: $(tasks.init.results.build) - # operator: in - # values: [ "true" ] - # - input: $(params.build-source-image) - # operator: in - # values: [ "true" ] - - # - name: deprecated-base-image-check - # params: - # - name: IMAGE_URL - # value: $(tasks.build-container.results.IMAGE_URL) - # - name: IMAGE_DIGEST - # value: $(tasks.build-container.results.IMAGE_DIGEST) - # taskRef: - # params: - # - name: name - # value: deprecated-image-check - # - name: bundle - # value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.4@sha256:5a1a165fa02270f0a947d8a2131ee9d8be0b8e9d34123828c2bef589e504ee84 - # - name: kind - # value: task - # resolver: bundles - # when: - # - input: $(params.skip-checks) - # operator: in - # values: [ "false" ] - - # - name: clair-scan - # params: - # - name: image-digest - # value: $(tasks.build-container.results.IMAGE_DIGEST) - # - name: image-url - # value: $(tasks.build-container.results.IMAGE_URL) - # taskRef: - # params: - # - name: name - # value: clair-scan - # - name: bundle - # value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.2@sha256:0a5421111e7092740398691d5bd7c125cc0896f29531d19414bb5724ae41692a - # - name: kind - # value: task - # resolver: bundles - # when: - # - input: $(params.skip-checks) - # operator: in - # values: [ "false" ] - - # - name: sast-snyk-check - # params: - # - name: SOURCE_ARTIFACT - # value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - # - name: CACHI2_ARTIFACT - # value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) - # - name: image-digest - # value: $(tasks.build-container.results.IMAGE_DIGEST) - # - name: image-url - # value: $(tasks.build-container.results.IMAGE_URL) - # taskRef: - # params: - # - name: name - # value: sast-snyk-check-oci-ta - # - name: bundle - # value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.3@sha256:65a213322ea7c64159e37071d369d74b6378b23403150e29537865cada90f022 - # - name: kind - # value: task - # resolver: bundles - # when: - # - input: $(params.skip-checks) - # operator: in - # values: [ "false" ] - - # - name: clamav-scan - # params: - # - name: image-digest - # value: $(tasks.build-container.results.IMAGE_DIGEST) - # - name: image-url - # value: $(tasks.build-container.results.IMAGE_URL) - # taskRef: - # params: - # - name: name - # value: clamav-scan - # - name: bundle - # value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.1@sha256:b4f450f1447b166da671f1d5819ab5a1485083e5c27ab91f7d8b7a2ff994c8c2 - # - name: kind - # value: task - # resolver: bundles - # when: - # - input: $(params.skip-checks) - # operator: in - # values: [ "false" ] - - # - name: rpms-signature-scan - # params: - # - name: image-digest - # value: $(tasks.build-container.results.IMAGE_DIGEST) - # - name: image-url - # value: $(tasks.build-container.results.IMAGE_URL) - # taskRef: - # params: - # - name: name - # value: rpms-signature-scan - # - name: bundle - # value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:28aaf87d61078a0aeeeabcae455eda7d05c4f9b81d8995bdcf3dde95c1a7a77b - # - name: kind - # value: task - # resolver: bundles - # when: - # - input: $(params.skip-checks) - # operator: in - # values: ["false"] - - # - name: push-dockerfile - # params: - # - name: IMAGE - # value: $(tasks.build-container.results.IMAGE_URL) - # - name: IMAGE_DIGEST - # value: $(tasks.build-container.results.IMAGE_DIGEST) - # - name: DOCKERFILE - # value: $(params.dockerfile) - # - name: CONTEXT - # value: $(params.path-context) - # - name: SOURCE_ARTIFACT - # value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - # taskRef: - # params: - # - name: name - # value: push-dockerfile-oci-ta - # - name: bundle - # value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.1@sha256:80d48a1b9d2707490309941ec9f79338533938f959ca9a207b481b0e8a5e7a93 - # - name: kind - # value: task - # resolver: bundles + - name: wait-for-roxctl-image + params: + - name: IMAGE + value: "$(params.roxctl-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" + taskRef: *wait-for-image-ref + # This timeout must be the same as the pipeline timeout in `roxctl-build.yaml`. + timeout: 1h10m + + - name: wait-for-central-db-image + params: + - name: IMAGE + value: "$(params.central-db-image-build-repo):$(tasks.determine-main-image-tag.results.IMAGE_TAG)" + taskRef: *wait-for-image-ref + # This timeout must be the same as the pipeline timeout in `central-db-build.yaml`. + timeout: 1h40m + + - name: build-container + params: + - name: IMAGE + # Note the operator bundle tag is prefixed with "v". + value: $(params.output-image-repo):v$(tasks.determine-operator-image-tag.results.IMAGE_TAG) + - name: DOCKERFILE + value: $(params.dockerfile) + - name: CONTEXT + value: $(params.path-context) + - name: HERMETIC + value: $(params.hermetic) + - name: PREFETCH_INPUT + value: $(params.prefetch-input) + - name: IMAGE_EXPIRES_AFTER + value: $(params.image-expires-after) + - name: COMMIT_SHA + value: $(tasks.clone-repository.results.commit) + - name: BUILD_ARGS + value: + - OPERATOR_IMAGE_TAG=$(tasks.determine-operator-image-tag.results.IMAGE_TAG) + - OPERATOR_IMAGE_REF=$(params.operator-image-catalog-repo)@$(tasks.wait-for-operator-image.results.IMAGE_DIGEST) + - RELATED_IMAGE_MAIN=$(params.main-image-catalog-repo)@$(tasks.wait-for-main-image.results.IMAGE_DIGEST) + - RELATED_IMAGE_SCANNER=$(params.scanner-image-catalog-repo)@$(tasks.wait-for-scanner-image.results.IMAGE_DIGEST) + - RELATED_IMAGE_SCANNER_DB=$(params.scanner-db-image-catalog-repo)@$(tasks.wait-for-scanner-db-image.results.IMAGE_DIGEST) + - RELATED_IMAGE_SCANNER_SLIM=$(params.scanner-slim-image-catalog-repo)@$(tasks.wait-for-scanner-slim-image.results.IMAGE_DIGEST) + - RELATED_IMAGE_SCANNER_DB_SLIM=$(params.scanner-db-slim-image-catalog-repo)@$(tasks.wait-for-scanner-db-slim-image.results.IMAGE_DIGEST) + - RELATED_IMAGE_SCANNER_V4=$(params.scanner-v4-image-catalog-repo)@$(tasks.wait-for-scanner-v4-image.results.IMAGE_DIGEST) + - RELATED_IMAGE_SCANNER_V4_DB=$(params.scanner-v4-db-image-catalog-repo)@$(tasks.wait-for-scanner-v4-db-image.results.IMAGE_DIGEST) + - RELATED_IMAGE_COLLECTOR_SLIM=$(params.collector-slim-image-catalog-repo)@$(tasks.wait-for-collector-slim-image.results.IMAGE_DIGEST) + - RELATED_IMAGE_COLLECTOR_FULL=$(params.collector-full-image-catalog-repo)@$(tasks.wait-for-collector-full-image.results.IMAGE_DIGEST) + - RELATED_IMAGE_ROXCTL=$(params.roxctl-image-catalog-repo)@$(tasks.wait-for-roxctl-image.results.IMAGE_DIGEST) + - RELATED_IMAGE_CENTRAL_DB=$(params.central-db-image-catalog-repo)@$(tasks.wait-for-central-db-image.results.IMAGE_DIGEST) + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + - name: CACHI2_ARTIFACT + value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) + taskRef: + params: + - name: name + value: buildah-oci-ta + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-buildah-oci-ta:0.2@sha256:ea5f13f235f98e9f0da599439f0b62b729901a5b6ad8d673daf3821f3f9cb66f + - name: kind + value: task + resolver: bundles + when: + - input: $(tasks.init.results.build) + operator: in + values: [ "true" ] + + - name: apply-tags + params: + - name: IMAGE + value: $(tasks.build-container.results.IMAGE_URL) + - name: ADDITIONAL_TAGS + value: + - konflux-$(params.revision) + taskRef: + params: + - name: name + value: apply-tags + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.1@sha256:87fd7fc0e937aad1a8db9b6e377d7e444f53394dafde512d68adbea6966a4702 + - name: kind + value: task + resolver: bundles + + - name: build-source-image + params: + - name: BINARY_IMAGE + value: $(tasks.build-container.results.IMAGE_URL) + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + - name: CACHI2_ARTIFACT + value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) + taskRef: + params: + - name: name + value: source-build-oci-ta + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.1@sha256:bd786bc1d33391bb169f98a1070d1a39e410b835f05fd0db0263754c65bd9bea + - name: kind + value: task + resolver: bundles + when: + - input: $(tasks.init.results.build) + operator: in + values: [ "true" ] + - input: $(params.build-source-image) + operator: in + values: [ "true" ] + + - name: deprecated-base-image-check + params: + - name: IMAGE_URL + value: $(tasks.build-container.results.IMAGE_URL) + - name: IMAGE_DIGEST + value: $(tasks.build-container.results.IMAGE_DIGEST) + taskRef: + params: + - name: name + value: deprecated-image-check + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.4@sha256:5a1a165fa02270f0a947d8a2131ee9d8be0b8e9d34123828c2bef589e504ee84 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: [ "false" ] + + - name: clair-scan + params: + - name: image-digest + value: $(tasks.build-container.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-container.results.IMAGE_URL) + taskRef: + params: + - name: name + value: clair-scan + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.2@sha256:0a5421111e7092740398691d5bd7c125cc0896f29531d19414bb5724ae41692a + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: [ "false" ] + + - name: sast-snyk-check + params: + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + - name: CACHI2_ARTIFACT + value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) + - name: image-digest + value: $(tasks.build-container.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-container.results.IMAGE_URL) + taskRef: + params: + - name: name + value: sast-snyk-check-oci-ta + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.3@sha256:65a213322ea7c64159e37071d369d74b6378b23403150e29537865cada90f022 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: [ "false" ] + + - name: clamav-scan + params: + - name: image-digest + value: $(tasks.build-container.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-container.results.IMAGE_URL) + taskRef: + params: + - name: name + value: clamav-scan + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.1@sha256:b4f450f1447b166da671f1d5819ab5a1485083e5c27ab91f7d8b7a2ff994c8c2 + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: [ "false" ] + + - name: rpms-signature-scan + params: + - name: image-digest + value: $(tasks.build-container.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-container.results.IMAGE_URL) + taskRef: + params: + - name: name + value: rpms-signature-scan + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:28aaf87d61078a0aeeeabcae455eda7d05c4f9b81d8995bdcf3dde95c1a7a77b + - name: kind + value: task + resolver: bundles + when: + - input: $(params.skip-checks) + operator: in + values: ["false"] + + - name: push-dockerfile + params: + - name: IMAGE + value: $(tasks.build-container.results.IMAGE_URL) + - name: IMAGE_DIGEST + value: $(tasks.build-container.results.IMAGE_DIGEST) + - name: DOCKERFILE + value: $(params.dockerfile) + - name: CONTEXT + value: $(params.path-context) + - name: SOURCE_ARTIFACT + value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) + taskRef: + params: + - name: name + value: push-dockerfile-oci-ta + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.1@sha256:80d48a1b9d2707490309941ec9f79338533938f959ca9a207b481b0e8a5e7a93 + - name: kind + value: task + resolver: bundles - name: create-acs-style-snapshot # Explicitly running after all other tasks to ensure that # - there are no failures that should prevent a release of the operator-bundle image (missing RPMs signatures, deprecated base images, ...) # - the source image is present as it is required by EC runAfter: + - apply-tags + - build-container + - build-source-image + - clair-scan + - clamav-scan - clone-repository + - deprecated-base-image-check - determine-main-image-tag - determine-operator-image-tag - init - prefetch-dependencies + - push-dockerfile + - rpms-signature-scan + - sast-snyk-check + - wait-for-central-db-image - wait-for-collector-full-image + - wait-for-collector-slim-image + - wait-for-main-image + - wait-for-operator-image + - wait-for-roxctl-image + - wait-for-scanner-db-image + - wait-for-scanner-db-slim-image + - wait-for-scanner-image + - wait-for-scanner-slim-image + - wait-for-scanner-v4-db-image + - wait-for-scanner-v4-image params: - name: SOURCE_ARTIFACT value: $(tasks.clone-repository.results.SOURCE_ARTIFACT) - name: COMPONENTS value: | [ + { + "name": "central-db", + "containerImage": "$(params.central-db-image-build-repo)@$(tasks.wait-for-central-db-image.results.IMAGE_DIGEST)", + "repository": "$(tasks.wait-for-central-db-image.results.GIT_REPO)", + "revision": "$(tasks.wait-for-central-db-image.results.GIT_REF)" + }, { "name": "collector", "containerImage": "$(params.collector-full-image-build-repo)@$(tasks.wait-for-collector-full-image.results.IMAGE_DIGEST)", "repository": "$(tasks.wait-for-collector-full-image.results.GIT_REPO)", "revision": "$(tasks.wait-for-collector-full-image.results.GIT_REF)" + }, + { + "name": "collector-slim", + "containerImage": "$(params.collector-slim-image-build-repo)@$(tasks.wait-for-collector-slim-image.results.IMAGE_DIGEST)", + "repository": "$(tasks.wait-for-collector-slim-image.results.GIT_REPO)", + "revision": "$(tasks.wait-for-collector-slim-image.results.GIT_REF)" + }, + { + "name": "main", + "containerImage": "$(params.main-image-build-repo)@$(tasks.wait-for-main-image.results.IMAGE_DIGEST)", + "repository": "$(tasks.wait-for-main-image.results.GIT_REPO)", + "revision": "$(tasks.wait-for-main-image.results.GIT_REF)" + }, + { + "name": "operator", + "containerImage": "$(params.operator-image-build-repo)@$(tasks.wait-for-operator-image.results.IMAGE_DIGEST)", + "repository": "$(tasks.wait-for-operator-image.results.GIT_REPO)", + "revision": "$(tasks.wait-for-operator-image.results.GIT_REF)" + }, + { + "name": "operator-bundle", + "containerImage": "$(tasks.build-container.results.IMAGE_URL)@$(tasks.build-container.results.IMAGE_DIGEST)", + "repository": "$(params.git-url)", + "revision": "$(params.revision)" + }, + { + "name": "roxctl", + "containerImage": "$(params.roxctl-image-build-repo)@$(tasks.wait-for-roxctl-image.results.IMAGE_DIGEST)", + "repository": "$(tasks.wait-for-roxctl-image.results.GIT_REPO)", + "revision": "$(tasks.wait-for-roxctl-image.results.GIT_REF)" + }, + { + "name": "scanner-db", + "containerImage": "$(params.scanner-db-image-build-repo)@$(tasks.wait-for-scanner-db-image.results.IMAGE_DIGEST)", + "repository": "$(tasks.wait-for-scanner-db-image.results.GIT_REPO)", + "revision": "$(tasks.wait-for-scanner-db-image.results.GIT_REF)" + }, + { + "name": "scanner-db-slim", + "containerImage": "$(params.scanner-db-slim-image-build-repo)@$(tasks.wait-for-scanner-db-slim-image.results.IMAGE_DIGEST)", + "repository": "$(tasks.wait-for-scanner-db-slim-image.results.GIT_REPO)", + "revision": "$(tasks.wait-for-scanner-db-slim-image.results.GIT_REF)" + }, + { + "name": "scanner", + "containerImage": "$(params.scanner-image-build-repo)@$(tasks.wait-for-scanner-image.results.IMAGE_DIGEST)", + "repository": "$(tasks.wait-for-scanner-image.results.GIT_REPO)", + "revision": "$(tasks.wait-for-scanner-image.results.GIT_REF)" + }, + { + "name": "scanner-slim", + "containerImage": "$(params.scanner-slim-image-build-repo)@$(tasks.wait-for-scanner-slim-image.results.IMAGE_DIGEST)", + "repository": "$(tasks.wait-for-scanner-slim-image.results.GIT_REPO)", + "revision": "$(tasks.wait-for-scanner-slim-image.results.GIT_REF)" + }, + { + "name": "scanner-v4-db", + "containerImage": "$(params.scanner-v4-db-image-build-repo)@$(tasks.wait-for-scanner-v4-db-image.results.IMAGE_DIGEST)", + "repository": "$(tasks.wait-for-scanner-v4-db-image.results.GIT_REPO)", + "revision": "$(tasks.wait-for-scanner-v4-db-image.results.GIT_REF)" + }, + { + "name": "scanner-v4", + "containerImage": "$(params.scanner-v4-image-build-repo)@$(tasks.wait-for-scanner-v4-image.results.IMAGE_DIGEST)", + "repository": "$(tasks.wait-for-scanner-v4-image.results.GIT_REPO)", + "revision": "$(tasks.wait-for-scanner-v4-image.results.GIT_REF)" } ] - name: PRODUCT_VERSION From c0ed4ea266cc73a18c031eb20e1ba098b87e677c Mon Sep 17 00:00:00 2001 From: Tom Martensen Date: Mon, 6 Jan 2025 09:46:15 +0100 Subject: [PATCH 90/92] remove source_artifact --- .tekton/operator-bundle-pipeline.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.tekton/operator-bundle-pipeline.yaml b/.tekton/operator-bundle-pipeline.yaml index 8a7795ddf409e..de60cb5911ff2 100644 --- a/.tekton/operator-bundle-pipeline.yaml +++ b/.tekton/operator-bundle-pipeline.yaml @@ -696,8 +696,6 @@ spec: - wait-for-scanner-v4-db-image - wait-for-scanner-v4-image params: - - name: SOURCE_ARTIFACT - value: $(tasks.clone-repository.results.SOURCE_ARTIFACT) - name: COMPONENTS value: | [ From 1193ed49aef5ea77b7c13c67b5402b8a1fcd0da4 Mon Sep 17 00:00:00 2001 From: Tom Martensen Date: Mon, 6 Jan 2025 11:23:41 +0100 Subject: [PATCH 91/92] update task references and apply suggestions from code review --- .tekton/operator-bundle-pipeline.yaml | 9 +++++---- scripts/ci/jobs/check-konflux-pipelines.sh | 6 +++--- 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/.tekton/operator-bundle-pipeline.yaml b/.tekton/operator-bundle-pipeline.yaml index de60cb5911ff2..aab60df515e7b 100644 --- a/.tekton/operator-bundle-pipeline.yaml +++ b/.tekton/operator-bundle-pipeline.yaml @@ -351,7 +351,7 @@ spec: - name: name value: wait-for-image - name: bundle - value: quay.io/rhacs-eng/konflux-tasks:pr-22@sha256:e0cc2312fe3691442fd3e9dfa55a14b6a1490f8db98debac51dd2a054f2c274a + value: quay.io/rhacs-eng/konflux-tasks:pr-22@sha256:4ac1b0ae69c8fcb0acc147a6c5f5b9ebbfa14a4cf9ad4194b0c1544879de13d4 - name: kind value: task resolver: bundles @@ -668,6 +668,7 @@ spec: # Explicitly running after all other tasks to ensure that # - there are no failures that should prevent a release of the operator-bundle image (missing RPMs signatures, deprecated base images, ...) # - the source image is present as it is required by EC + # Use scripts/ci/jobs/check-konflux-pipelines.sh to validate and update the list. runAfter: - apply-tags - build-container @@ -696,6 +697,8 @@ spec: - wait-for-scanner-v4-db-image - wait-for-scanner-v4-image params: + - name: PRODUCT_VERSION + value: $(tasks.determine-main-image-tag.results.IMAGE_TAG) - name: COMPONENTS value: | [ @@ -778,14 +781,12 @@ spec: "revision": "$(tasks.wait-for-scanner-v4-image.results.GIT_REF)" } ] - - name: PRODUCT_VERSION - value: $(tasks.determine-main-image-tag.results.IMAGE_TAG) taskRef: params: - name: name value: create-snapshot - name: bundle - value: quay.io/rhacs-eng/konflux-tasks:pr-22@sha256:e0cc2312fe3691442fd3e9dfa55a14b6a1490f8db98debac51dd2a054f2c274a + value: quay.io/rhacs-eng/konflux-tasks:pr-22@sha256:4ac1b0ae69c8fcb0acc147a6c5f5b9ebbfa14a4cf9ad4194b0c1544879de13d4 - name: kind value: task resolver: bundles diff --git a/scripts/ci/jobs/check-konflux-pipelines.sh b/scripts/ci/jobs/check-konflux-pipelines.sh index 73edc86516ff1..ad9fd36bf2262 100755 --- a/scripts/ci/jobs/check-konflux-pipelines.sh +++ b/scripts/ci/jobs/check-konflux-pipelines.sh @@ -11,9 +11,9 @@ ensure_create_snapshot_runs_last() { expected_runafter="$(yq eval '.spec.tasks[] | select(.name != '\"${task_name}\"') | .name' "${pipeline_path}" | sort)" actual_runafter="$(yq eval '.spec.tasks[] | select(.name == '\"${task_name}\"') | .runAfter[]' "${pipeline_path}")" - echo "➤ ${pipeline_path} // checking create-acs-style-snapshot: task's runAfter contents shall match the expected ones (left - expected, right - actual)." + echo "➤ ${pipeline_path} // checking ${task_name}: task's runAfter contents shall match the expected ones (left - expected, right - actual)." if ! diff --side-by-side <(echo "${expected_runafter}") <(echo "${actual_runafter}"); then - echo >&2 -e """ + echo >&2 -e " ✗ ERROR: The actual runAfter contents do not match the expectations. @@ -23,7 +23,7 @@ To resolve: 2. Update the runAfter attribute of this task to this list of all previous tasks in the pipeline (sorted alphabetically): ${expected_runafter} - """ + " exit 1 else echo "✓ No diff detected." From 01227b5cb4a2ed06574fbb026bbcca54a421b3c2 Mon Sep 17 00:00:00 2001 From: Tom Martensen Date: Tue, 7 Jan 2025 12:26:21 +0100 Subject: [PATCH 92/92] update bundle after merge and add description --- .tekton/operator-bundle-pipeline.yaml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.tekton/operator-bundle-pipeline.yaml b/.tekton/operator-bundle-pipeline.yaml index aab60df515e7b..8f6864ebc4362 100644 --- a/.tekton/operator-bundle-pipeline.yaml +++ b/.tekton/operator-bundle-pipeline.yaml @@ -351,7 +351,7 @@ spec: - name: name value: wait-for-image - name: bundle - value: quay.io/rhacs-eng/konflux-tasks:pr-22@sha256:4ac1b0ae69c8fcb0acc147a6c5f5b9ebbfa14a4cf9ad4194b0c1544879de13d4 + value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:3811d015320129588caf7629533a5b51b8c405b3b92e8d37165384f6750f9b66 - name: kind value: task resolver: bundles @@ -665,6 +665,7 @@ spec: resolver: bundles - name: create-acs-style-snapshot + description: Creates a Snapshot representing a valid set of ACS containers unlike the Snapshots created by Konflux automatically # Explicitly running after all other tasks to ensure that # - there are no failures that should prevent a release of the operator-bundle image (missing RPMs signatures, deprecated base images, ...) # - the source image is present as it is required by EC @@ -786,7 +787,7 @@ spec: - name: name value: create-snapshot - name: bundle - value: quay.io/rhacs-eng/konflux-tasks:pr-22@sha256:4ac1b0ae69c8fcb0acc147a6c5f5b9ebbfa14a4cf9ad4194b0c1544879de13d4 + value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:3811d015320129588caf7629533a5b51b8c405b3b92e8d37165384f6750f9b66 - name: kind value: task resolver: bundles